Opened 3 weeks ago

Closed 6 days ago

Last modified 5 days ago

#5834 closed enhancement (fixed)

util-linux-2.41.3

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: normal
Milestone: 12.5
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Release Notes

bash-completion:

  • (mount) add missing options
  • add lsfd
  • add blkpr
  • add bits to dist tarball

dmesg:

  • fix const qualifier warnings in parse_callerid

eject:

  • fix const qualifier warning in read_speed

enosys:

  • fix const qualifier warning in parse_block

libblkid:

  • fix const qualifier warning in blkid_parse_tag_string
  • use snprintf() instead of sprintf()

libfdisk:

  • (dos) fix off-by-one in maximum last sector calculation

liblastlog2:

  • fix operator precedence in conditional assignments

lib, lscpu:

  • fix const qualifier discarded warnings in bsearch

libmount:

  • fix const qualifier warning in mnt_parse_mountinfo_line
  • fix const qualifier warnings for C23

logger:

  • fix const qualifier warnings for C23

login-utils:

  • fix setpwnam() buffer use [CVE-2025-14104]

losetup:

  • sort 'O' correctly for the mutual-exclusive check to work

lscpu:

  • use maximum CPU speed from DMI, avoid duplicate version string
  • Add a few missing Arm CPU identifiers

lsfd:

  • fix memory leak related to stat_error_class
  • (bugfix) use PRIu32 for printing lport of netlink socket
  • fix const qualifier warning in strnrstr
  • fix const qualifier warning in new_counter_spec
  • fix bsearch macro usage with glibc C23

lsns:

  • fix const qualifier warnings for C23

namei:

  • fix const qualifier warning in readlink_to_namei

partx:

  • fix const qualifier warning in get_max_partno

po:

  • update sr.po (from translationproject.org)

po-man:

  • merge changes
  • update sr.po (from translationproject.org)

umount:

  • consider helper return status for success message

wdctl:

  • remove -d option leftover

whereis:

  • fix const qualifier warnings for C23

Misc:

  • Fix memory leak in setpwnam()

Change History (4)

comment:1 by zeckma, 3 weeks ago

Fixes CVE-2025-14104 (medium): Heap buffer overread in setpwnam() when processing 256-byte usernames.

comment:2 by zeckma, 3 weeks ago

Priority: normal → high

comment:3 by Bruce Dubbs, 6 days ago

Resolution: fixed
Status: new → closed

Fixed at commit 1fbf8a7e4f.

comment:4 by Douglas R. Reno, 5 days ago

Priority: high → normal

Because we disable the login utilities, we are not affected by CVE-2025-14104.
