openSUSE-SU-2022:0727-1

Published: 04 Mar 2022
Source: suse-cvrf

Description

Security update for libeconf, shadow and util-linux

This security update for libeconf, shadow and util-linux fixes the following issues:

libeconf:

  • Add libeconf to SLE-Module-Basesystem_15-SP3 because it is needed by 'util-linux' and 'shadow' to fix autoyast handling of security-related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf:

  • Reading numbers with different bases (e.g. octal) (bsc#1193632) (#157)
  • Fixed different issues while writing string values to file.
  • Writing comments to file too.
  • Fixed crash while merging values.
  • Added econftool cat option (#146)
  • new API call: econf_readDirsHistory (showing ALL locations)
  • new API call: econf_getPath (absolute path of the configuration file)
  • Man pages libeconf.3 and econftool.8.
  • Handling multiline strings.
  • Added libeconf_ext, which returns more information such as line_nr, comments, path of the configuration file, ...
  • Econftool, a command-line interface for handling configuration files.
  • Generating HTML API documentation with doxygen.
  • Improving error handling and semantic file check.
  • Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set.

shadow:

  • The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

util-linux:

  • The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
  • Allow use of larger values for start sector to prevent blockdev --report aborting (bsc#1188507)
  • Fixed blockdev --report using non-space characters as a field separator (bsc#1188507)
  • CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
  • CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

Package list

openSUSE Leap 15.3
libblkid-devel-2.36.2-150300.4.14.3
libblkid-devel-32bit-2.36.2-150300.4.14.3
libblkid-devel-static-2.36.2-150300.4.14.3
libblkid1-2.36.2-150300.4.14.3
libblkid1-32bit-2.36.2-150300.4.14.3
libeconf-devel-0.4.4+git20220104.962774f-150300.3.6.2
libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
libeconf0-32bit-0.4.4+git20220104.962774f-150300.3.6.2
libfdisk-devel-2.36.2-150300.4.14.3
libfdisk-devel-32bit-2.36.2-150300.4.14.3
libfdisk-devel-static-2.36.2-150300.4.14.3
libfdisk1-2.36.2-150300.4.14.3
libfdisk1-32bit-2.36.2-150300.4.14.3
libmount-devel-2.36.2-150300.4.14.3
libmount-devel-32bit-2.36.2-150300.4.14.3
libmount-devel-static-2.36.2-150300.4.14.3
libmount1-2.36.2-150300.4.14.3
libmount1-32bit-2.36.2-150300.4.14.3
libsmartcols-devel-2.36.2-150300.4.14.3
libsmartcols-devel-32bit-2.36.2-150300.4.14.3
libsmartcols-devel-static-2.36.2-150300.4.14.3
libsmartcols1-2.36.2-150300.4.14.3
libsmartcols1-32bit-2.36.2-150300.4.14.3
libuuid-devel-2.36.2-150300.4.14.3
libuuid-devel-32bit-2.36.2-150300.4.14.3
libuuid-devel-static-2.36.2-150300.4.14.3
libuuid1-2.36.2-150300.4.14.3
libuuid1-32bit-2.36.2-150300.4.14.3
login_defs-4.8.1-150300.4.3.8
python3-libmount-2.36.2-150300.4.14.2
shadow-4.8.1-150300.4.3.8
util-linux-2.36.2-150300.4.14.3
util-linux-lang-2.36.2-150300.4.14.3
util-linux-systemd-2.36.2-150300.4.14.2
uuidd-2.36.2-150300.4.14.2

Description

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
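
The string-prefix comparison described above, as an added example (a simplified model written for this page, not libmount's source): the flawed check beside a hardened numeric one. The function names and the sample UID values are assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Simplified model of the flawed check (not libmount's source): only the
 * first `len` bytes of the recorded owner value are compared with the
 * caller's UID rendered as a decimal string, so a prefix is enough. */
static int owner_matches_prefix(const char *val, size_t len, uid_t caller)
{
    char buf[32];

    snprintf(buf, sizeof(buf), "%lu", (unsigned long)caller);
    return strncmp(val, buf, len) == 0;
}

/* Hardened form: parse the whole recorded value as a number, reject
 * anything that is not purely decimal, and compare integers. */
static int owner_matches_numeric(const char *val, size_t len, uid_t caller)
{
    char buf[32], *end;
    unsigned long n;

    if (len == 0 || len >= sizeof(buf))
        return 0;
    memcpy(buf, val, len);
    buf[len] = '\0';
    if (buf[0] < '0' || buf[0] > '9')   /* strtoul would accept "+", "-", spaces */
        return 0;
    errno = 0;
    n = strtoul(buf, &end, 10);
    if (errno != 0 || *end != '\0' || n > UINT_MAX)
        return 0;
    return (uid_t)n == caller;
}

int main(void)
{
    const char *owner = "1000";              /* constructed: UID recorded for the mount */
    uid_t callers[] = { 1000, 10001, 100 };  /* constructed caller UIDs */

    for (size_t i = 0; i < sizeof(callers) / sizeof(callers[0]); i++)
        printf("caller=%lu prefix=%d numeric=%d\n", (unsigned long)callers[i],
               owner_matches_prefix(owner, strlen(owner), callers[i]),
               owner_matches_numeric(owner, strlen(owner), callers[i]));
    return 0;
}
```

With the recorded owner `1000`, the prefix check accepts a caller with UID 10001 while the numeric check accepts only UID 1000.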


Affected products
openSUSE Leap 15.3:libblkid-devel-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid-devel-32bit-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid-devel-static-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid1-2.36.2-150300.4.14.3

References

Description

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.


Affected products
openSUSE Leap 15.3:libblkid-devel-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid-devel-32bit-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid-devel-static-2.36.2-150300.4.14.3
openSUSE Leap 15.3:libblkid1-2.36.2-150300.4.14.3

References
Vulnerability openSUSE-SU-2022:0727-1