Opened 3 years ago
Closed 3 years ago
#4989 closed enhancement (fixed)
util-linux-2.37.3 (security fix)
Reported by: | pierre | Owned by: | |
---|---|---|---|
Priority: | high | Milestone: | 11.1 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version
util-linux 2.37.3 Release Notes
===============================

This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID.

CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory.
Description of the vulnerabilities at https://www.openwall.com/lists/oss-security/2022/01/24/2. Excerpt:
This vulnerability allows an unprivileged user to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. For example, on Fedora, /tmp is a tmpfs, so we can mount a basic FUSE filesystem named "/tmp/ (deleted)" (with FUSE's "hello world" program, ./hello) and unmount /tmp itself (a denial of service
Attachments (1)
Change History (8)
by , 3 years ago
comment:1 by , 3 years ago
Hit an issue: https://github.com/util-linux/util-linux/issues/1579
I attached the generated man page in the ticket. We can upload it to anduin.
follow-up: 4 comment:2 by , 3 years ago
Well, this should not cause a problem building LFS, as linux/raw.h has been removed since Linux API headers from 5.13 or newer.
But in the SA we should work around the issue for the users upgrading util-linux on their old system. --disable-raw seems enough for them.
comment:3 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed at commit e1ebbef46a60aefd2cb48c6fc82ac3c1414a4054
Package updates. Update to vim-8.2.4236. Update to zstd-1.5.2. Update to util-linux-2.37.3 (security fix). Update to Python-3.10.2. Update to linux-5.16.2. Update to libcap-2.63. Update to iproute2-5.16.0. Update to iana-etc-20220120.
comment:4 by , 3 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Replying to Xi Ruoyao:
Well, this should not cause a problem building LFS, as linux/raw.h has been removed since Linux API headers from 5.13 or newer.
But in the SA we should work around the issue for the users upgrading util-linux on their old system. --disable-raw seems enough for them.
On systems before we merged /usr the libraries need to go in /lib, otherwise things such as umount will not work (ask me how I know :)
I was reluctant to write the SA because I didn't know how far back this vulnerability existed, but looking at the openwall advisory I now see it was introduced in November 2018 which appears to mean it is in 2.33.
Reopening because I don't like tickets with a pending advisory to be closed before the advisory is issued. I hope to do that within the next 24 hours.
comment:5 by , 3 years ago
Owner: | changed from | to
---|---|
Status: | reopened → new |
comment:7 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
missed man page generated using asciidoc/xmlto