[slackware-security] util-linux

New util-linux packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/util-linux-2.37.4-i586-2slack15.0.txz: Rebuilt. Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's '-h'...

Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2023-290-01)

The version of util-linux installed on the remote host is prior to 2.37.4 / 2.39.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-290-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2020-21583

A vulnerability was found in hwclock in util-linux, which allowed non-root users to access the hardware clock. This flaw allows an attacker to execute arbitrary code via the path parameter when setting the date...

Oracle Linux 6 : util-linux-ng (ELSA-2011-1691)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1691 advisory. - fix CVE-2011-1675 - mount fails to anticipate RLIMITFSIZE - fix CVE-2011-1677 - umount may fail to remove /etc/mtab lock file Tenable has extracted t...

SUSE: Security Advisory (SUSE-SU-2023:3268-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : util-linux (SUSE-SU-2023:3268-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3268-1 advisory. - In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell comman...

SUSE-SU-2023:3268-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions. bsc1213865, bsc1084300...

Potential privilege escalation by embedding shell commands in a mountpoint name

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

util-linux bug fix update

An update is available for util-linux. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The util-linux packages contain a large variety of low-level system...

util-linux bug fix and enhancement update

An update is available for util-linux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The util-linux packages contain a large variety of low-level system...

Medium: util-linux

Issue Overview: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a pref...

Amazon Linux 2023 : libblkid, libblkid-devel, libfdisk (ALAS2023-2023-024)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-024 advisory. A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to...

SUSE CVE-2005-2876

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...

SUSE CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

SUSE CVE-2011-1676

mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations...

SUSE CVE-2011-1675

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMITFSIZE value, a related issue to CVE-2011-1089...

SUSE CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors...

SUSE CVE-2013-0157

a mount and b umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by 1 using the --guess-fstype command-line option or 2 attempting to mount a non-existent device, which generates different error messages dependin...

SUSE CVE-2014-9114

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code...

SUSE CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...