id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
4989	util-linux-2.37.3 (security fix)	pierre	ken@…	"New point version
{{{
util-linux 2.37.3 Release Notes
===============================

This release fixes two security mount(8) and umount(8) issues:

CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.

CVE-2021-3995
    This issue, related to parsing the /proc/self/mountinfo file, allows an
    unprivileged user to unmount other users' filesystems that are either
    world-writable themselves or mounted in a world-writable directory.
}}}
Description of the vulnerabilities at https://www.openwall.com/lists/oss-security/2022/01/24/2. Excerpt:
{{{
This vulnerability allows an unprivileged user to unmount other users'
filesystems that are either world-writable themselves (like /tmp) or
mounted in a world-writable directory.

For example, on Fedora, /tmp is a tmpfs, so we can mount a basic FUSE
filesystem named ""/tmp/ (deleted)"" (with FUSE's ""hello world"" program,
./hello) and unmount /tmp itself (a denial of service
}}}"	enhancement	closed	high	11.1	Book	git	normal	fixed		
