Описание
Security update for util-linux
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
Список пакетов
Container suse/sle-micro/base-5.5:latest
libblkid1-2.37.4-150500.9.20.1
libfdisk1-2.37.4-150500.9.20.1
libmount1-2.37.4-150500.9.20.1
libsmartcols1-2.37.4-150500.9.20.1
libuuid1-2.37.4-150500.9.20.1
util-linux-2.37.4-150500.9.20.1
util-linux-systemd-2.37.4-150500.9.20.1
Container suse/sle-micro/kvm-5.5:latest
libblkid1-2.37.4-150500.9.20.1
libfdisk1-2.37.4-150500.9.20.1
libmount1-2.37.4-150500.9.20.1
libsmartcols1-2.37.4-150500.9.20.1
libuuid1-2.37.4-150500.9.20.1
util-linux-2.37.4-150500.9.20.1
util-linux-systemd-2.37.4-150500.9.20.1
SUSE Linux Enterprise Micro 5.5
libblkid1-2.37.4-150500.9.20.1
libfdisk1-2.37.4-150500.9.20.1
libmount1-2.37.4-150500.9.20.1
libsmartcols1-2.37.4-150500.9.20.1
libuuid1-2.37.4-150500.9.20.1
util-linux-2.37.4-150500.9.20.1
util-linux-extra-2.37.4-150500.9.20.1
util-linux-systemd-2.37.4-150500.9.20.1
openSUSE Leap 15.6
util-linux-extra-2.37.4-150500.9.20.1
Ссылки
- Link for SUSE-SU-2026:0117-1
- E-Mail link for SUSE-SU-2026:0117-1
- SUSE Security Ratings
- SUSE Bug 1254666
- SUSE CVE CVE-2025-14104 page
Описание
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Затронутые продукты
Container suse/sle-micro/base-5.5:latest:libblkid1-2.37.4-150500.9.20.1
Container suse/sle-micro/base-5.5:latest:libfdisk1-2.37.4-150500.9.20.1
Container suse/sle-micro/base-5.5:latest:libmount1-2.37.4-150500.9.20.1
Container suse/sle-micro/base-5.5:latest:libsmartcols1-2.37.4-150500.9.20.1
Ссылки
- CVE-2025-14104
- SUSE Bug 1254666