
Mageia: 2022-0076 Moderate Advisory: Util-Linux Integer Overflow

February 22, 2022
Recent updates to the util-linux packages resolve several security vulnerabilities.

Summary

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. (CVE-2021-37600)
Unauthorized unmount of FUSE filesystems belonging to users with similar uid. (CVE-2021-3995)
Unauthorized unmount of filesystems in libmount. (CVE-2021-3996)
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)
Additional bug fixes inclu...
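
A host check for the preconditions CVE-2022-0563 describes, a chfn or chsh binary linked against Readline, is sketched below as an added example that is not part of the Mageia advisory. It assumes the binaries are installed setuid (the usual packaging, not stated in the advisory) and that binutils' `readelf` is available; the function names are illustrative.

```shell
#!/bin/sh
# Added audit example (not from the advisory): classify chfn/chsh by the
# conditions CVE-2022-0563 depends on.

# links_readline: reads `readelf -d` output on stdin and succeeds if a
# DT_NEEDED entry names libreadline.
links_readline() {
    grep -Eq '\(NEEDED\).*\[libreadline\.so'
}

# classify FILE: prints missing, not-setuid, unknown (no readelf),
# setuid-readline or setuid-no-readline.
classify() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # Assumption: the flaw only matters when the binary runs with elevated
    # privileges, i.e. the setuid bit is set.
    [ -u "$f" ] || { echo not-setuid; return 0; }
    command -v readelf >/dev/null 2>&1 || { echo unknown; return 0; }
    # readelf only parses the ELF headers; it never executes the binary.
    if readelf -d "$f" 2>/dev/null | links_readline; then
        echo setuid-readline
    else
        echo setuid-no-readline
    fi
}

# audit: report the status of both utilities named in the CVE text.
audit() {
    for name in chfn chsh; do
        path=$(command -v "$name" 2>/dev/null) || path=
        if [ -z "$path" ]; then
            echo "$name: missing"
            continue
        fi
        printf '%s: %s (%s)\n' "$name" "$(classify "$path")" "$path"
    done
}

audit
```

A `setuid-readline` result means the binary has the linkage the CVE text describes and the package should be checked against the fixed release. The fixed Mageia 8 package listed under Resolution is util-linux-2.36.2-1.mga8, whose upstream version number is below 2.37.4, so compare the installed package release rather than the upstream version string.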

References

- https://bugs.mageia.org/show_bug.cgi?id=29565

- https://lists.suse.com/pipermail/sle-security-updates/2021-October/009610.html

- https://www.openwall.com/lists/oss-security/2022/01/24/2

- https://lists.debian.org/debian-security-announce/2022/msg00021.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SW73IARDAP7WWQ6ETYQB2OS2SLW4XTT3/

- https://ubuntu.com/security/notices/USN-5279-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2YUFRTN7YYS4ESW372SWK2PURGSGVDL4/

- https://www.openwall.com/lists/oss-security/2022/02/17/2

- https://cdn.kernel.org/pub/linux/utils/util-linux/v2.36/v2.36.2-ReleaseNotes

- https://www.cve.org/CVERecord?id=CVE-2021-37600

- https://www.cve.org/CVERecord?id=CVE-2021-3995

- https://www.cve.org/CVERecord?id=CVE-2021-3996

- https://www.cve.org/CVERecord?id=CVE-2022-0563

Resolution

SRPMS

- 8/core/util-linux-2.36.2-1.mga8

Publication date: 22 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0076.html
Type: security
CVE: CVE-2021-37600, CVE-2021-3995, CVE-2021-3996, CVE-2022-0563
