openSUSE Security Update : util-linux (openSUSE-2015-702)

util-linux was updated to fix one security issue. This security issue was fixed : - CVE-2015-5218: Prevent colcrt buffer overflow bsc949754. This non-security issue was fixed : - bsc903440: Calendar 'cal' crash with segmentation fault when execute in background. %NASLMINLEVEL 70300 C Tenable...

Mageia: Security Advisory (MGASA-2015-0352)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2012-0307)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201405-15

Gentoo Linux Local Security Checks GLSA 201405-15 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...

util-linux Package 'hwclock(8)' local elevation of privilege vulnerability

The util-linux package is a suite of system administration tools for Linux that provides tools to load, unload, format, partition and manage hard drives, open tty ports and get kernel messages. The util-linux package is vulnerable to a local boost vulnerability. A local attacker could exploit thi...

hwclock Privilege Escalation

Hello, During a recent assessment I have stumbled across a system which had hwclock8 setuid root hwclock is a part of util-linux, all versions affected $ man hwclock | sed -n '223,231p' Users access and setuid Sometimes, you need to install hwclock setuid root. If you want users other than the...

SUSE SLED12 / SLES12 Security Update : util-linux (SUSE-SU-2015:0270-1)

util-linux was updated to fix one security issue. This security issue was fixed : - CVE-2014-9114: Using crafted block devices e.g. USB sticks it was possibly to inject code via libblkid. libblkid was fixed to care about unsafe chars and possible buffer overflow in cache bnc907434 The update...

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the util-linux package of the Debian GNU/Linux operating system can be exploited, which may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious actors...

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the util-linux package up to version 2.22.2 of the Gentoo Linux operating system can lead to violations of privacy, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

util-linux blkid commands injection

No description provided...

[ MDVSA-2015:122 ] util-linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:122 http://www.mandriva.com/en/support/security/ Package : util-linux Date : March 29, 2015 Affected: Business Server 2.0 Problem Description: Updated util-linux packages fix security vulnerability: Sebastia...

Mandriva Linux Security Advisory : util-linux (MDVSA-2015:122)

Updated util-linux packages fix security vulnerability : Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and...

util-linux: command injection

There is a command injection inside blkid. It uses caching files /dev/.blkid.tab or /run/blkid/blkid.tab to store info about the UUID, LABEL etc it finds on certain devices. However, it does not strip " character, so it can be confused to build variable names containing embedded shell metas, whic...

SuSE 11.3 Security Update : util-linux (SAT Patch Number 10452)

util-linux has been updated to fix one security issue : - command injection flaw in blkid bnc907434. Additionally, these non-security issues have been fixed :. CVE-2014-9114 - Fix possible script hang. bnc888678 - Enable build of libmount / findmnt. bnc900965 - Don't stop trying filesystem when...

SUSE-SU-2015:0270-1 Security update for util-linux

util-linux was updated to fix one security issue. This security issue was fixed: - CVE-2014-9114: Using crafted block devices e.g. USB sticks it was possibly to inject code via libblkid. libblkid was fixed to care about unsafe chars and possible buffer overflow in cache bnc907434 This non-securit...

openSUSE Security Update : util-linux (openSUSE-SU-2015:0066-1)

util-linux was updated to fix a security issue, where local attackers might be able to execute code as root with a prepared USB stick CVE-2014-9114 bsc907434. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

Fedora Update for util-linux FEDORA-2014-15908

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 21 Update: util-linux-2.25.2-2.fc21

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program...