Описание
Security update for util-linux
This update for util-linux fixes the following issues:
This non-security issue was fixed:
- CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300).
These non-security issues were fixed:
- Fixed crash loop in lscpu (bsc#1072947).
- Fixed possible segfault of umount -a
- Fixed mount -a on NFS bind mounts (bsc#1080740).
- Fixed lsblk on NVMe (bsc#1078662).
Список пакетов
SUSE Enterprise Storage 4
libblkid1-2.28-44.18.18
libblkid1-32bit-2.28-44.18.18
libfdisk1-2.28-44.18.18
libmount1-2.28-44.18.18
libmount1-32bit-2.28-44.18.18
libsmartcols1-2.28-44.18.18
libuuid1-2.28-44.18.18
libuuid1-32bit-2.28-44.18.18
python-libmount-2.28-44.18.38
util-linux-2.28-44.18.18
util-linux-lang-2.28-44.18.18
util-linux-systemd-2.28-44.18.25
uuidd-2.28-44.18.25
SUSE Linux Enterprise Server 12 SP2-BCL
libblkid1-2.28-44.18.18
libblkid1-32bit-2.28-44.18.18
libfdisk1-2.28-44.18.18
libmount1-2.28-44.18.18
libmount1-32bit-2.28-44.18.18
libsmartcols1-2.28-44.18.18
libuuid1-2.28-44.18.18
libuuid1-32bit-2.28-44.18.18
python-libmount-2.28-44.18.38
util-linux-2.28-44.18.18
util-linux-lang-2.28-44.18.18
util-linux-systemd-2.28-44.18.25
uuidd-2.28-44.18.25
SUSE Linux Enterprise Server 12 SP2-LTSS
libblkid1-2.28-44.18.18
libblkid1-32bit-2.28-44.18.18
libfdisk1-2.28-44.18.18
libmount1-2.28-44.18.18
libmount1-32bit-2.28-44.18.18
libsmartcols1-2.28-44.18.18
libuuid1-2.28-44.18.18
libuuid1-32bit-2.28-44.18.18
python-libmount-2.28-44.18.38
util-linux-2.28-44.18.18
util-linux-lang-2.28-44.18.18
util-linux-systemd-2.28-44.18.25
uuidd-2.28-44.18.25
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libblkid1-2.28-44.18.18
libblkid1-32bit-2.28-44.18.18
libfdisk1-2.28-44.18.18
libmount1-2.28-44.18.18
libmount1-32bit-2.28-44.18.18
libsmartcols1-2.28-44.18.18
libuuid1-2.28-44.18.18
libuuid1-32bit-2.28-44.18.18
python-libmount-2.28-44.18.38
util-linux-2.28-44.18.18
util-linux-lang-2.28-44.18.18
util-linux-systemd-2.28-44.18.25
uuidd-2.28-44.18.25
SUSE OpenStack Cloud 7
libblkid1-2.28-44.18.18
libblkid1-32bit-2.28-44.18.18
libfdisk1-2.28-44.18.18
libmount1-2.28-44.18.18
libmount1-32bit-2.28-44.18.18
libsmartcols1-2.28-44.18.18
libuuid1-2.28-44.18.18
libuuid1-32bit-2.28-44.18.18
python-libmount-2.28-44.18.38
util-linux-2.28-44.18.18
util-linux-lang-2.28-44.18.18
util-linux-systemd-2.28-44.18.25
uuidd-2.28-44.18.25
Ссылки
- Link for SUSE-SU-2019:0390-1
- E-Mail link for SUSE-SU-2019:0390-1
- SUSE Security Ratings
- SUSE Bug 1072947
- SUSE Bug 1078662
- SUSE Bug 1080740
- SUSE Bug 1084300
- SUSE CVE CVE-2018-7738 page
Описание
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
Затронутые продукты
SUSE Enterprise Storage 4:libblkid1-2.28-44.18.18
SUSE Enterprise Storage 4:libblkid1-32bit-2.28-44.18.18
SUSE Enterprise Storage 4:libfdisk1-2.28-44.18.18
SUSE Enterprise Storage 4:libmount1-2.28-44.18.18
Ссылки
- CVE-2018-7738
- SUSE Bug 1080740
- SUSE Bug 1084300
- SUSE Bug 1213865