Download
| Alert*
oval:org.secpod.oval:def:1504536
[2.17.2-12.4] - fix CVE-2011-1675 - mount fails to anticipate RLIMIT_FSIZE - fix CVE-2011-1677 - umount may fail to remove /etc/mtab~ lock file [2.17.2-12.3] - fix fatal typos in patch for #723546 [2.17.2-12.2] - rename /etc/hushlogin to /etc/hushlogins [2.17.2-12.1] - fix #723546 - Defects reveale ... oval:org.secpod.oval:def:1504538 uuidd is installed oval:org.secpod.oval:def:89044717 This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges . This non-security issues were fixed: - lscpu: Implement WSL detection and w ... oval:org.secpod.oval:def:89045277 This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths . - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning - Replace cifs mount detection patch with upstream one that covers all cases . - Reuse exi ... oval:org.secpod.oval:def:89050721 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored - Prevent outdated pam files . - Do not trim read-only volumes . - Integrate pam_keyinit pam module to login . - Perform one-time reset of /etc/default ... oval:org.secpod.oval:def:89050816 This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored - Prevent outdated pam files . - De-duplicate fstrim -A properly . - Do not trim read-only volumes . - Integrate pam_keyinit pam module to login . - Pe ... oval:org.secpod.oval:def:1701083 A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion oval:org.secpod.oval:def:89049649 This update for util-linux fixes the following security issue: - CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name oval:org.secpod.oval:def:89049249 This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions oval:org.secpod.oval:def:89003480 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user . These non-secu ... oval:org.secpod.oval:def:89047566 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by "util-linux" and "shadow" to fix autoyast handling of security related parameters Issues fixed in libeconf: - Reading numbers with different ... oval:org.secpod.oval:def:19500021 A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of th ... oval:org.secpod.oval:def:1701070 A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing ... oval:org.secpod.oval:def:89051155 This update for util-linux fixes the following issues: * CVE-2018-7738: Fixed shell code injection in umount bash-completions . oval:org.secpod.oval:def:89051709 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall. * Prevent error message if `/var/lib/libuuid/clock.txt` does not exist * Fixed performance degradation oval:org.secpod.oval:def:89051735 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051739 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051736 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051737 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89047091 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements in sys-utils/ipcutils.c oval:org.secpod.oval:def:1701142 ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all ... |