An update for util-linux is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1536
Final
1.0
1.0
2022-02-26
Initial
2022-02-26
2022-02-26
openEuler SA Tool V1.0
2022-02-26
util-linux security update
An update for util-linux is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
The util-linux package contains a random collection of files that implement some low-level basic Linux utilities.
Security Fix(es):
A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems belonging to users with a similar uid. An attacker could exploit this vulnerability to cause a denial of service to applications using the affected filesystem. (CVE-2021-3995)
that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this vulnerability to cause a denial of service to applications that use the affected file system. (CVE-2021-3996)
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
util-linux
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3995
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3996
https://nvd.nist.gov/vuln/detail/CVE-2021-3995
https://nvd.nist.gov/vuln/detail/CVE-2021-3996
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
libblkid-2.35.2-10.oe1.aarch64.rpm
python-libmount-2.35.2-10.oe1.aarch64.rpm
libuuid-2.35.2-10.oe1.aarch64.rpm
util-linux-2.35.2-10.oe1.aarch64.rpm
libmount-2.35.2-10.oe1.aarch64.rpm
util-linux-devel-2.35.2-10.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-10.oe1.aarch64.rpm
uuidd-2.35.2-10.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-10.oe1.aarch64.rpm
libsmartcols-2.35.2-10.oe1.aarch64.rpm
util-linux-user-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-9.oe1.aarch64.rpm
python-libmount-2.35.2-9.oe1.aarch64.rpm
libblkid-2.35.2-9.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-9.oe1.aarch64.rpm
libuuid-2.35.2-9.oe1.aarch64.rpm
libmount-2.35.2-9.oe1.aarch64.rpm
uuidd-2.35.2-9.oe1.aarch64.rpm
util-linux-devel-2.35.2-9.oe1.aarch64.rpm
util-linux-user-2.35.2-9.oe1.aarch64.rpm
libsmartcols-2.35.2-9.oe1.aarch64.rpm
util-linux-2.35.2-9.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-9.oe1.aarch64.rpm
util-linux-user-2.35.2-10.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-10.oe1.aarch64.rpm
libsmartcols-2.35.2-10.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-10.oe1.aarch64.rpm
util-linux-2.35.2-10.oe1.aarch64.rpm
libmount-2.35.2-10.oe1.aarch64.rpm
python-libmount-2.35.2-10.oe1.aarch64.rpm
libblkid-2.35.2-10.oe1.aarch64.rpm
libuuid-2.35.2-10.oe1.aarch64.rpm
uuidd-2.35.2-10.oe1.aarch64.rpm
util-linux-devel-2.35.2-10.oe1.aarch64.rpm
util-linux-help-2.35.2-10.oe1.noarch.rpm
util-linux-help-2.35.2-9.oe1.noarch.rpm
util-linux-help-2.35.2-10.oe1.noarch.rpm
util-linux-2.35.2-10.oe1.src.rpm
util-linux-2.35.2-9.oe1.src.rpm
util-linux-2.35.2-10.oe1.src.rpm
util-linux-2.35.2-10.oe1.x86_64.rpm
util-linux-devel-2.35.2-10.oe1.x86_64.rpm
libfdisk-2.35.2-10.oe1.x86_64.rpm
libsmartcols-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-10.oe1.x86_64.rpm
libmount-2.35.2-10.oe1.x86_64.rpm
libblkid-2.35.2-10.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-10.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-10.oe1.x86_64.rpm
uuidd-2.35.2-10.oe1.x86_64.rpm
util-linux-user-2.35.2-10.oe1.x86_64.rpm
python-libmount-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-9.oe1.x86_64.rpm
util-linux-devel-2.35.2-9.oe1.x86_64.rpm
util-linux-2.35.2-9.oe1.x86_64.rpm
libblkid-2.35.2-9.oe1.x86_64.rpm
python-libmount-2.35.2-9.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-9.oe1.x86_64.rpm
uuidd-2.35.2-9.oe1.x86_64.rpm
libsmartcols-2.35.2-9.oe1.x86_64.rpm
util-linux-user-2.35.2-9.oe1.x86_64.rpm
libmount-2.35.2-9.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-9.oe1.x86_64.rpm
libfdisk-2.35.2-9.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-10.oe1.x86_64.rpm
util-linux-2.35.2-10.oe1.x86_64.rpm
util-linux-user-2.35.2-10.oe1.x86_64.rpm
uuidd-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-10.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-10.oe1.x86_64.rpm
libsmartcols-2.35.2-10.oe1.x86_64.rpm
python-libmount-2.35.2-10.oe1.x86_64.rpm
libblkid-2.35.2-10.oe1.x86_64.rpm
util-linux-devel-2.35.2-10.oe1.x86_64.rpm
libmount-2.35.2-10.oe1.x86_64.rpm
libfdisk-2.35.2-10.oe1.x86_64.rpm
A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems belonging to users with a similar uid. An attacker could exploit this vulnerability to cause a denial of service to applications using the affected filesystem.
2022-02-26
CVE-2021-3995
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
util-linux security update
2022-02-26
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536
that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this vulnerability to cause a denial of service to applications that use the affected file system.
2022-02-26
CVE-2021-3996
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
util-linux security update
2022-02-26
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536