Описание
Security update for util-linux
This update for util-linux fixes the following security issue:
- CVE-2018-7738: Fix local vulnerability using embedded shell commands in a mountpoint name (bsc#1084300)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libblkid-devel-2.31.1-lp150.7.6.1
libblkid-devel-32bit-2.31.1-lp150.7.6.1
libblkid-devel-static-2.31.1-lp150.7.6.1
libblkid1-2.31.1-lp150.7.6.1
libblkid1-32bit-2.31.1-lp150.7.6.1
libfdisk-devel-2.31.1-lp150.7.6.1
libfdisk-devel-static-2.31.1-lp150.7.6.1
libfdisk1-2.31.1-lp150.7.6.1
libmount-devel-2.31.1-lp150.7.6.1
libmount-devel-32bit-2.31.1-lp150.7.6.1
libmount-devel-static-2.31.1-lp150.7.6.1
libmount1-2.31.1-lp150.7.6.1
libmount1-32bit-2.31.1-lp150.7.6.1
libsmartcols-devel-2.31.1-lp150.7.6.1
libsmartcols-devel-static-2.31.1-lp150.7.6.1
libsmartcols1-2.31.1-lp150.7.6.1
libuuid-devel-2.31.1-lp150.7.6.1
libuuid-devel-32bit-2.31.1-lp150.7.6.1
libuuid-devel-static-2.31.1-lp150.7.6.1
libuuid1-2.31.1-lp150.7.6.1
libuuid1-32bit-2.31.1-lp150.7.6.1
python-libmount-2.31.1-lp150.7.6.1
util-linux-2.31.1-lp150.7.6.1
util-linux-lang-2.31.1-lp150.7.6.1
util-linux-systemd-2.31.1-lp150.7.6.1
uuidd-2.31.1-lp150.7.6.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2205-1
- SUSE Security Ratings
Описание
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
Затронутые продукты
openSUSE Leap 15.0:libblkid-devel-2.31.1-lp150.7.6.1
openSUSE Leap 15.0:libblkid-devel-32bit-2.31.1-lp150.7.6.1
openSUSE Leap 15.0:libblkid-devel-static-2.31.1-lp150.7.6.1
openSUSE Leap 15.0:libblkid1-2.31.1-lp150.7.6.1
Ссылки
- CVE-2018-7738
- SUSE Bug 1080740
- SUSE Bug 1084300