Lucene search
SuseOPENSUSE-SU-2022:0727-1HistoryMar 04, 2022 - 12:00 a.m.
Security update for libeconf, shadow and util-linux (moderate)
2022-03-0400:00:00
lists.opensuse.org
20
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
An update that solves two vulnerabilities, contains two
features and has two fixes is now available.
Description:
This security update for libeconf, shadow and util-linux fix the following
issues:
libeconf:
- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by
‘util-linux’ and ‘shadow’ to fix autoyast handling of security related
parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
Issues fixed in libeconf:
- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.
- Added libeconf_ext which returns more information like line_nr,
comments, path of the configuration file,… - Econftool, an command line interface for handling configuration files.
- Generating HTML API documentation with doxygen.
- Improving error handling and semantic file check.
- Joining entries with the same key to one single entry if env variable
ECONF_JOIN_SAME_ENTRIES has been set.
shadow:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable
libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
util-linux:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable
libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent
blockdev --reportaborting (bsc#1188507) - Fixed
blockdev --reportusing non-space characters as a field
separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux’s libmount.
(bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux’s libmount.
(bsc#1194976)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-727=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.3 | aarch64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
| openSUSE Leap | 15.3 | ppc64le | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
| openSUSE Leap | 15.3 | s390x | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
| openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (x86_64): | - openSUSE Leap 15.3 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.3 | noarch | < - openSUSE Leap 15.3 (noarch): | - openSUSE Leap 15.3 (noarch):.noarch.rpm |
Related
nessus
nessus
EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2022-1654)
2022-05-06 00:00:00
EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1461)
2022-04-18 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2022-1640)
2022-05-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0727-1)
2022-03-05 00:00:00
openSUSE: Security Advisory for libeconf, (openSUSE-SU-2022:0727-1)
2022-03-05 00:00:00
osv
osv
util-linux - security update
2022-01-24 00:00:00
util-linux vulnerabilities
2022-02-09 13:26:34
CVE-2021-3996
2022-08-23 20:15:08
redos
redos
ROS-20220128-03
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 5055-1] util-linux security update
2022-01-24 11:31:30
ubuntu
ubuntu
util-linux vulnerabilities
2022-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: util-linux-2.37.3-1.fc35
2022-02-05 01:22:21
gentoo
gentoo
util-linux: Multiple Vulnerabilities
2024-01-07 00:00:00
mageia
mageia
Updated util-linux packages fix security vulnerability
2022-02-22 23:15:16
photon
photon
Important Photon OS Security Update - PHSA-2022-0147
2022-01-27 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0147
2022-01-27 00:00:00
alpinelinux
alpinelinux
CVE-2021-3996
2022-08-23 20:15:00
CVE-2021-3995
2022-08-23 20:15:00
veracode
veracode
Denial Of Service (DoS)
2022-01-26 14:30:52
Denial Of Service (DoS)
2022-01-26 14:30:50
cve
cve
CVE-2021-3996
2022-08-23 20:15:00
CVE-2021-3995
2022-08-23 20:15:00
debiancve
debiancve
CVE-2021-3996
2022-08-23 20:15:00
CVE-2021-3995
2022-08-23 20:15:00
cbl_mariner
cbl_mariner
CVE-2021-3996 affecting package util-linux 2.32.1-7
2024-05-05 21:06:48
CVE-2021-3995 affecting package util-linux 2.32.1-7
2024-05-05 21:06:48
prion
prion
Design/Logic Flaw
2022-08-23 20:15:00
Design/Logic Flaw
2022-08-23 20:15:00
redhatcve
redhatcve
CVE-2021-3996
2022-01-24 12:42:16
CVE-2021-3995
2022-01-24 12:39:50
ubuntucve
ubuntucve
CVE-2021-3996
2022-02-01 00:00:00
CVE-2021-3995
2022-02-01 00:00:00
zdt
zdt
packetstorm
packetstorm
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
qualysblog
qualysblog
thn
thn
New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
2022-02-18 08:37:00
avleonov
avleonov
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Related for OPENSUSE-SU-2022:0727-1