This update for util-linux fixes the following issues:
Security issues:
- CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).
Non security issues:
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-510=1
- openSUSE Leap 16.0:
lastlog2-2.41.1-160000.3.1
libblkid-devel-2.41.1-160000.3.1
libblkid-devel-static-2.41.1-160000.3.1
libblkid1-2.41.1-160000.3.1
libfdisk-devel-2.41.1-160000.3.1
libfdisk-devel-static-2.41.1-160000.3.1
libfdisk1-2.41.1-160000.3.1
liblastlog2-2-2.41.1-160000.3.1
liblastlog2-devel-2.41.1-160000.3.1
libmount-devel-2.41.1-160000.3.1
libmount-devel-static-2.41.1-160000.3.1
libmount1-2.41.1-160000.3.1
libsmartcols-devel-2.41.1-160000.3.1
libsmartcols-devel-static-2.41.1-160000.3.1
libsmartcols1-2.41.1-160000.3.1
libuuid-devel-2.41.1-160000.3.1
libuuid-devel-static-2.41.1-160000.3.1
libuuid1-2.41.1-160000.3.1
python313-libmount-2.41.1-160000.3.1
util-linux-2.41.1-160000.3.1
util-linux-extra-2.41.1-160000.3.1
util-linux-lang-2.41.1-160000.3.1
util-linux-systemd-2.41.1-160000.3.1
util-linux-tty-tools-2.41.1-160000.3.1
uuidd-2.41.1-160000.3.1
* bsc#1222465
* bsc#1254666
* bsc#1258859
References:
* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://www.suse.com/security/cve/CVE-2026-3184.html
Get the latest Linux and open source security news straight to your inbox.