
SUSE: 2022:1108-1 Important: Buffer Overflow in Util-linux

April 4, 2022
An update that solves one vulnerability and has 13 fixes is now available.

Summary

This update for util-linux fixes the following issues:

- Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix "su -s" bash completion. (bsc#1172427)
- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921)
- blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for -c to prevent error from su -c. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- Avoid segfault on PowerPC systems with valid hardware configurations.

References

#1084671 #1151708 #1168235 #1168389 #1169006

#1172427 #1174942 #1175514 #1175623 #1178236

#1178554 #1178825 #1188921 #1194642

Cross-References: CVE-2021-37600

CVSS scores:

CVE-2021-37600 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2021-37600 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP 15

https://www.suse.com/security/cve/CVE-2021-37600.html

https://bugzilla.suse.com/1084671

https://bugzilla.suse.com/1151708

https://bugzilla.suse.com/1168235

https://bugzilla.suse.com/1168389

https://bugzilla.suse.com/1169006

Severity
important

Announcement ID: SUSE-SU-2022:1108-1
Rating: important
