Download
| Alert*
oval:org.secpod.oval:def:603307
util-linux is installed oval:org.secpod.oval:def:501291 util-linux is installed oval:org.secpod.oval:def:204160 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * It was found that util-linux"s libblkid library did not properly handle Ext ... oval:org.secpod.oval:def:204474 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ... oval:org.secpod.oval:def:500738 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab fi ... oval:org.secpod.oval:def:89044717 This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges . This non-security issues were fixed: - lscpu: Implement WSL detection and w ... oval:org.secpod.oval:def:89045277 This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths . - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning - Replace cifs mount detection patch with upstream one that covers all cases . - Reuse exi ... oval:org.secpod.oval:def:89050721 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored - Prevent outdated pam files . - Do not trim read-only volumes . - Integrate pam_keyinit pam module to login . - Perform one-time reset of /etc/default ... oval:org.secpod.oval:def:89050816 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored - Prevent outdated pam files . - De-duplicate fstrim -A properly . - Do not trim read-only volumes . - Integrate pam_keyinit pam module to login . - Pe ... oval:org.secpod.oval:def:107998 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:108218 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:1900466 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:501889 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * It was found that util-linux"s libblkid library did not properly handle Ext ... oval:org.secpod.oval:def:1501658 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * It was found that util-linux"s libblkid library did not properly handle Ext ... oval:org.secpod.oval:def:1900470 run user in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal"s input buffer. oval:org.secpod.oval:def:50590 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. oval:org.secpod.oval:def:50589 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. oval:org.secpod.oval:def:2001319 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal"s input buffer. oval:org.secpod.oval:def:112104 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:502012 The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ... oval:org.secpod.oval:def:1501823 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1901692 A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. oval:org.secpod.oval:def:112080 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:1600694 Sending SIGKILL to other processes with root privileges via su:A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. oval:org.secpod.oval:def:89002255 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user . These non-secu ... oval:org.secpod.oval:def:603306 Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user is tricked into using the umount complet ... oval:org.secpod.oval:def:705633 util-linux: miscellaneous system utilities util-linux could be made to run programs when performing bash completion. oval:org.secpod.oval:def:1701083 A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion oval:org.secpod.oval:def:89002279 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user . These non-secu ... oval:org.secpod.oval:def:89049649 This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name oval:org.secpod.oval:def:89049249 This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions oval:org.secpod.oval:def:89003480 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user . These non-secu ... oval:org.secpod.oval:def:53271 Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user is tricked into using the umount complet ... oval:org.secpod.oval:def:114133 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:89047566 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by "util-linux" and "shadow" to fix autoyast handling of security related parameters Issues fixed in libeconf: - Reading numbers with different ... oval:org.secpod.oval:def:88332 The Qualys Research Labs discovered two vulnerabilities in util-linux"s libmount. These flaws allow an unprivileged user to unmount other users" filesystems that are either world-writable themselves or mounted in a world-writable directory , or to unmount FUSE filesystems that belong to certain othe ... oval:org.secpod.oval:def:121595 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. oval:org.secpod.oval:def:605786 The Qualys Research Labs discovered two vulnerabilities in util-linux"s libmount. These flaws allow an unprivileged user to unmount other users" filesystems that are either world-writable themselves or mounted in a world-writable directory , or to unmount FUSE filesystems that belong to certain othe ... oval:org.secpod.oval:def:19500021 A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of th ... oval:org.secpod.oval:def:1701070 A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing ... oval:org.secpod.oval:def:89051155 This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions . oval:org.secpod.oval:def:1701142 ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all ... oval:org.secpod.oval:def:89047091 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements in sys-utils/ipcutils.c oval:org.secpod.oval:def:89051735 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051739 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051736 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051737 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:99567 util-linux: miscellaneous system utilities util-linux could be made to expose sensitive information. oval:org.secpod.oval:def:99577 util-linux: miscellaneous system utilities Details: USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Original advisory util-linux could be ma ... oval:org.secpod.oval:def:708869 util-linux: miscellaneous system utilities Details: USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Original advisory util-linux could be ma ... oval:org.secpod.oval:def:89051709 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall. * Prevent error message if `/var/lib/libuuid/clock.txt` does not exist * Fixed performance degradation oval:org.secpod.oval:def:708858 util-linux: miscellaneous system utilities util-linux could be made to expose sensitive information. |