What Are You Looking For?

Sign Up

   openSUSE Security Update: Security update for libeconf, shadow and util-linux
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0727-1
Rating:             moderate
References:         #1188507 #1192954 #1193632 #1194976 SLE-23384 
                    SLE-23402 
Cross-References:   CVE-2021-3995 CVE-2021-3996
CVSS scores:
                    CVE-2021-3995 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3996 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves two vulnerabilities, contains two
   features and has two fixes is now available.

Description:

   This security update for libeconf, shadow and util-linux fix the following
   issues:

   libeconf:

   - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by
     'util-linux' and 'shadow' to fix autoyast handling of security related
     parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

   Issues fixed in libeconf:
   - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
   - Fixed different issues while writing string values to file.
   - Writing comments to file too.
   - Fixed crash while merging values.
   - Added econftool cat option (#146)
   - new API call: econf_readDirsHistory (showing ALL locations)
   - new API call: econf_getPath (absolute path of the configuration file)
   - Man pages libeconf.3 and econftool.8.
   - Handling multiline strings.
   - Added libeconf_ext which returns more information like line_nr,
     comments, path of the configuration file,...
   - Econftool, an command line interface for handling configuration files.
   - Generating HTML API documentation with doxygen.
   - Improving error handling and semantic file check.
   - Joining entries with the same key to one single entry if env variable
     ECONF_JOIN_SAME_ENTRIES has been set.

   shadow:

   - The legacy code does not support /etc/login.defs.d used by YaST. Enable
     libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

   util-linux:

   - The legacy code does not support /etc/login.defs.d used by YaST. Enable
     libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
   - Allow use of larger values for start sector to prevent `blockdev
     --report` aborting (bsc#1188507)
   - Fixed `blockdev --report` using non-space characters as a field
     separator (bsc#1188507)
   - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount.
     (bsc#1194976)
   - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount.
     (bsc#1194976)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-727=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libblkid-devel-2.36.2-150300.4.14.3
      libblkid-devel-static-2.36.2-150300.4.14.3
      libblkid1-2.36.2-150300.4.14.3
      libblkid1-debuginfo-2.36.2-150300.4.14.3
      libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2
      libeconf-devel-0.4.4+git20220104.962774f-150300.3.6.2
      libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
      libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
      libfdisk-devel-2.36.2-150300.4.14.3
      libfdisk-devel-static-2.36.2-150300.4.14.3
      libfdisk1-2.36.2-150300.4.14.3
      libfdisk1-debuginfo-2.36.2-150300.4.14.3
      libmount-devel-2.36.2-150300.4.14.3
      libmount-devel-static-2.36.2-150300.4.14.3
      libmount1-2.36.2-150300.4.14.3
      libmount1-debuginfo-2.36.2-150300.4.14.3
      libsmartcols-devel-2.36.2-150300.4.14.3
      libsmartcols-devel-static-2.36.2-150300.4.14.3
      libsmartcols1-2.36.2-150300.4.14.3
      libsmartcols1-debuginfo-2.36.2-150300.4.14.3
      libuuid-devel-2.36.2-150300.4.14.3
      libuuid-devel-static-2.36.2-150300.4.14.3
      libuuid1-2.36.2-150300.4.14.3
      libuuid1-debuginfo-2.36.2-150300.4.14.3
      python3-libmount-2.36.2-150300.4.14.2
      python3-libmount-debuginfo-2.36.2-150300.4.14.2
      python3-libmount-debugsource-2.36.2-150300.4.14.2
      shadow-4.8.1-150300.4.3.8
      shadow-debuginfo-4.8.1-150300.4.3.8
      shadow-debugsource-4.8.1-150300.4.3.8
      util-linux-2.36.2-150300.4.14.3
      util-linux-debuginfo-2.36.2-150300.4.14.3
      util-linux-debugsource-2.36.2-150300.4.14.3
      util-linux-systemd-2.36.2-150300.4.14.2
      util-linux-systemd-debuginfo-2.36.2-150300.4.14.2
      util-linux-systemd-debugsource-2.36.2-150300.4.14.2
      uuidd-2.36.2-150300.4.14.2
      uuidd-debuginfo-2.36.2-150300.4.14.2

   - openSUSE Leap 15.3 (x86_64):

      libblkid-devel-32bit-2.36.2-150300.4.14.3
      libblkid1-32bit-2.36.2-150300.4.14.3
      libblkid1-32bit-debuginfo-2.36.2-150300.4.14.3
      libeconf0-32bit-0.4.4+git20220104.962774f-150300.3.6.2
      libeconf0-32bit-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
      libfdisk-devel-32bit-2.36.2-150300.4.14.3
      libfdisk1-32bit-2.36.2-150300.4.14.3
      libfdisk1-32bit-debuginfo-2.36.2-150300.4.14.3
      libmount-devel-32bit-2.36.2-150300.4.14.3
      libmount1-32bit-2.36.2-150300.4.14.3
      libmount1-32bit-debuginfo-2.36.2-150300.4.14.3
      libsmartcols-devel-32bit-2.36.2-150300.4.14.3
      libsmartcols1-32bit-2.36.2-150300.4.14.3
      libsmartcols1-32bit-debuginfo-2.36.2-150300.4.14.3
      libuuid-devel-32bit-2.36.2-150300.4.14.3
      libuuid1-32bit-2.36.2-150300.4.14.3
      libuuid1-32bit-debuginfo-2.36.2-150300.4.14.3

   - openSUSE Leap 15.3 (noarch):

      login_defs-4.8.1-150300.4.3.8
      util-linux-lang-2.36.2-150300.4.14.3


References:

   https://www.suse.com/security/cve/CVE-2021-3995.html
   https://www.suse.com/security/cve/CVE-2021-3996.html
   https://bugzilla.suse.com/1188507
   https://bugzilla.suse.com/1192954
   https://bugzilla.suse.com/1193632
   https://bugzilla.suse.com/1194976

openSUSE: 2022:0727-1 moderate: libeconf, shadow and util-linux

March 4, 2022
An update that solves two vulnerabilities, contains two features and has two fixes is now available

Description

This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-727=1


Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.14.3 libblkid-devel-static-2.36.2-150300.4.14.3 libblkid1-2.36.2-150300.4.14.3 libblkid1-debuginfo-2.36.2-150300.4.14.3 libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2 libeconf-devel-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 libfdisk-devel-2.36.2-150300.4.14.3 libfdisk-devel-static-2.36.2-150300.4.14.3 libfdisk1-2.36.2-150300.4.14.3 libfdisk1-debuginfo-2.36.2-150300.4.14.3 libmount-devel-2.36.2-150300.4.14.3 libmount-devel-static-2.36.2-150300.4.14.3 libmount1-2.36.2-150300.4.14.3 libmount1-debuginfo-2.36.2-150300.4.14.3 libsmartcols-devel-2.36.2-150300.4.14.3 libsmartcols-devel-static-2.36.2-150300.4.14.3 libsmartcols1-2.36.2-150300.4.14.3 libsmartcols1-debuginfo-2.36.2-150300.4.14.3 libuuid-devel-2.36.2-150300.4.14.3 libuuid-devel-static-2.36.2-150300.4.14.3 libuuid1-2.36.2-150300.4.14.3 libuuid1-debuginfo-2.36.2-150300.4.14.3 python3-libmount-2.36.2-150300.4.14.2 python3-libmount-debuginfo-2.36.2-150300.4.14.2 python3-libmount-debugsource-2.36.2-150300.4.14.2 shadow-4.8.1-150300.4.3.8 shadow-debuginfo-4.8.1-150300.4.3.8 shadow-debugsource-4.8.1-150300.4.3.8 util-linux-2.36.2-150300.4.14.3 util-linux-debuginfo-2.36.2-150300.4.14.3 util-linux-debugsource-2.36.2-150300.4.14.3 util-linux-systemd-2.36.2-150300.4.14.2 util-linux-systemd-debuginfo-2.36.2-150300.4.14.2 util-linux-systemd-debugsource-2.36.2-150300.4.14.2 uuidd-2.36.2-150300.4.14.2 uuidd-debuginfo-2.36.2-150300.4.14.2 - openSUSE Leap 15.3 (x86_64): libblkid-devel-32bit-2.36.2-150300.4.14.3 libblkid1-32bit-2.36.2-150300.4.14.3 libblkid1-32bit-debuginfo-2.36.2-150300.4.14.3 libeconf0-32bit-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-32bit-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 libfdisk-devel-32bit-2.36.2-150300.4.14.3 libfdisk1-32bit-2.36.2-150300.4.14.3 libfdisk1-32bit-debuginfo-2.36.2-150300.4.14.3 libmount-devel-32bit-2.36.2-150300.4.14.3 libmount1-32bit-2.36.2-150300.4.14.3 libmount1-32bit-debuginfo-2.36.2-150300.4.14.3 libsmartcols-devel-32bit-2.36.2-150300.4.14.3 libsmartcols1-32bit-2.36.2-150300.4.14.3 libsmartcols1-32bit-debuginfo-2.36.2-150300.4.14.3 libuuid-devel-32bit-2.36.2-150300.4.14.3 libuuid1-32bit-2.36.2-150300.4.14.3 libuuid1-32bit-debuginfo-2.36.2-150300.4.14.3 - openSUSE Leap 15.3 (noarch): login_defs-4.8.1-150300.4.3.8 util-linux-lang-2.36.2-150300.4.14.3


References

https://www.suse.com/security/cve/CVE-2021-3995.html https://www.suse.com/security/cve/CVE-2021-3996.html https://bugzilla.suse.com/1188507 https://bugzilla.suse.com/1192954 https://bugzilla.suse.com/1193632 https://bugzilla.suse.com/1194976


Severity
Announcement ID: openSUSE-SU-2022:0727-1
Rating: moderate
Affected Products: openSUSE Leap 15.3 ble.

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Latest WSL Update Brings Strong Security Mechanisms

Nov 17, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo