An update for util-linux is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-1536
Status: Final
Version: 1.0
Revision history: 1.0, 2022-02-26, Initial
Initial release date: 2022-02-26
Current release date: 2022-02-26
Generator: openEuler SA Tool V1.0, 2022-02-26

Synopsis: util-linux security update

Description:

The util-linux package contains a random collection of files that implements some low-level basic Linux utilities.

Security Fix(es):

A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems with similar uid users. An attacker could exploit this vulnerability to cause a denial of service to applications using the affected filesystem. (CVE-2021-3995)

that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this vulnerability to cause a denial of service to applications that use the affected file system. (CVE-2021-3996)

Severity:

openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity: Medium
Affected component: util-linux

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3995
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-3996
https://nvd.nist.gov/vuln/detail/CVE-2021-3995
https://nvd.nist.gov/vuln/detail/CVE-2021-3996

Products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

Packages (aarch64):
libblkid-2.35.2-10.oe1.aarch64.rpm
python-libmount-2.35.2-10.oe1.aarch64.rpm
libuuid-2.35.2-10.oe1.aarch64.rpm
util-linux-2.35.2-10.oe1.aarch64.rpm
libmount-2.35.2-10.oe1.aarch64.rpm
util-linux-devel-2.35.2-10.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-10.oe1.aarch64.rpm
uuidd-2.35.2-10.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-10.oe1.aarch64.rpm
libsmartcols-2.35.2-10.oe1.aarch64.rpm
util-linux-user-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-9.oe1.aarch64.rpm
python-libmount-2.35.2-9.oe1.aarch64.rpm
libblkid-2.35.2-9.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-9.oe1.aarch64.rpm
libuuid-2.35.2-9.oe1.aarch64.rpm
libmount-2.35.2-9.oe1.aarch64.rpm
uuidd-2.35.2-9.oe1.aarch64.rpm
util-linux-devel-2.35.2-9.oe1.aarch64.rpm
util-linux-user-2.35.2-9.oe1.aarch64.rpm
libsmartcols-2.35.2-9.oe1.aarch64.rpm
util-linux-2.35.2-9.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-9.oe1.aarch64.rpm
util-linux-user-2.35.2-10.oe1.aarch64.rpm
util-linux-debuginfo-2.35.2-10.oe1.aarch64.rpm
libsmartcols-2.35.2-10.oe1.aarch64.rpm
util-linux-debugsource-2.35.2-10.oe1.aarch64.rpm
libfdisk-2.35.2-10.oe1.aarch64.rpm
util-linux-2.35.2-10.oe1.aarch64.rpm
libmount-2.35.2-10.oe1.aarch64.rpm
python-libmount-2.35.2-10.oe1.aarch64.rpm
libblkid-2.35.2-10.oe1.aarch64.rpm
libuuid-2.35.2-10.oe1.aarch64.rpm
uuidd-2.35.2-10.oe1.aarch64.rpm
util-linux-devel-2.35.2-10.oe1.aarch64.rpm

Packages (noarch):
util-linux-help-2.35.2-10.oe1.noarch.rpm
util-linux-help-2.35.2-9.oe1.noarch.rpm
util-linux-help-2.35.2-10.oe1.noarch.rpm

Packages (src):
util-linux-2.35.2-10.oe1.src.rpm
util-linux-2.35.2-9.oe1.src.rpm
util-linux-2.35.2-10.oe1.src.rpm

Packages (x86_64):
util-linux-2.35.2-10.oe1.x86_64.rpm
util-linux-devel-2.35.2-10.oe1.x86_64.rpm
libfdisk-2.35.2-10.oe1.x86_64.rpm
libsmartcols-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-10.oe1.x86_64.rpm
libmount-2.35.2-10.oe1.x86_64.rpm
libblkid-2.35.2-10.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-10.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-10.oe1.x86_64.rpm
uuidd-2.35.2-10.oe1.x86_64.rpm
util-linux-user-2.35.2-10.oe1.x86_64.rpm
python-libmount-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-9.oe1.x86_64.rpm
util-linux-devel-2.35.2-9.oe1.x86_64.rpm
util-linux-2.35.2-9.oe1.x86_64.rpm
libblkid-2.35.2-9.oe1.x86_64.rpm
python-libmount-2.35.2-9.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-9.oe1.x86_64.rpm
uuidd-2.35.2-9.oe1.x86_64.rpm
libsmartcols-2.35.2-9.oe1.x86_64.rpm
util-linux-user-2.35.2-9.oe1.x86_64.rpm
libmount-2.35.2-9.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-9.oe1.x86_64.rpm
libfdisk-2.35.2-9.oe1.x86_64.rpm
util-linux-debuginfo-2.35.2-10.oe1.x86_64.rpm
util-linux-2.35.2-10.oe1.x86_64.rpm
util-linux-user-2.35.2-10.oe1.x86_64.rpm
uuidd-2.35.2-10.oe1.x86_64.rpm
libuuid-2.35.2-10.oe1.x86_64.rpm
util-linux-debugsource-2.35.2-10.oe1.x86_64.rpm
libsmartcols-2.35.2-10.oe1.x86_64.rpm
python-libmount-2.35.2-10.oe1.x86_64.rpm
libblkid-2.35.2-10.oe1.x86_64.rpm
util-linux-devel-2.35.2-10.oe1.x86_64.rpm
libmount-2.35.2-10.oe1.x86_64.rpm
libfdisk-2.35.2-10.oe1.x86_64.rpm

Vulnerabilities:

A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems with similar uid users. An attacker could exploit this vulnerability to cause a denial of service to applications using the affected filesystem.
Release date: 2022-02-26
CVE: CVE-2021-3995
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 4.7
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Remediation: util-linux security update (2022-02-26)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536

that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this vulnerability to cause a denial of service to applications that use the affected file system.

Release date: 2022-02-26
CVE: CVE-2021-3996
Affected products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Remediation: util-linux security update (2022-02-26)
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1536