Описание
Security update for util-linux
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libblkid1-2.33.2-4.48.1
libfdisk1-2.33.2-4.48.1
libmount1-2.33.2-4.48.1
libsmartcols1-2.33.2-4.48.1
libuuid1-2.33.2-4.48.1
util-linux-2.33.2-4.48.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libblkid-devel-2.33.2-4.48.1
libblkid1-2.33.2-4.48.1
libblkid1-32bit-2.33.2-4.48.1
libfdisk1-2.33.2-4.48.1
libmount-devel-2.33.2-4.48.1
libmount1-2.33.2-4.48.1
libmount1-32bit-2.33.2-4.48.1
libsmartcols-devel-2.33.2-4.48.1
libsmartcols1-2.33.2-4.48.1
libuuid-devel-2.33.2-4.48.1
libuuid1-2.33.2-4.48.1
libuuid1-32bit-2.33.2-4.48.1
python-libmount-2.33.2-4.48.1
util-linux-2.33.2-4.48.1
util-linux-lang-2.33.2-4.48.1
util-linux-systemd-2.33.2-4.48.1
uuidd-2.33.2-4.48.1
Ссылки
- Link for SUSE-SU-2026:0366-1
- E-Mail link for SUSE-SU-2026:0366-1
- SUSE Security Ratings
- SUSE Bug 1254666
- SUSE CVE CVE-2025-14104 page
Описание
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libblkid1-2.33.2-4.48.1
Container suse/ltss/sle12.5/sles12sp5:latest:libfdisk1-2.33.2-4.48.1
Container suse/ltss/sle12.5/sles12sp5:latest:libmount1-2.33.2-4.48.1
Container suse/ltss/sle12.5/sles12sp5:latest:libsmartcols1-2.33.2-4.48.1
Ссылки
- CVE-2025-14104
- SUSE Bug 1254666