Opened 2 hours ago
#5900 new enhancement
util-linux v2.42 (Security Update)
| Reported by: | Bruce Dubbs | Owned by: | lfs-book |
|---|---|---|---|
| Priority: | normal | Milestone: | 13.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New minor version.
util-linux 2.42 Release Notes
Security fixes:
CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.
The SUID mount follows symlinks when resolving loop backing file paths. On systems where non-root users are permitted to mount loop devices (via the 'user' option in fstab), this allows access to arbitrary files.
CWE-190 - Integer overflow in libblkid parse_dos_extended().
A crafted MBR disk image can cause uint32_t wraparound in EBR chain processing, causing reported partitions to not match the on-disk layout. Tools like udisks may then register a partition at logical sector 0.
Release highlights:
The NTFS mount type (kernel FS driver) can be changed by the compile option --with-ntfs-mounttype=; the default is ntfs3.
login(1) now uses the original FQDN (as specified by "-h <host>") to configure the PAM RHOST item. All previous versions used the hostname without domain. This may affect users who use login(1) for remote access (rlogin, rsh) and pam_access to define access rules. (Don't worry, if you still use rlogin then security is already irrelevant for you.)
login(1), if configured with LOGIN_SHELL_FALLBACK in login.defs, can fall back to another valid shell from /etc/shells if the user's configured shell is inaccessible due to administrative errors.
agetty reads issue file(s) in a way compatible with libeconf and systemd; hermetic-usr and drop-ins are now supported. For more details see https://uapi-group.org/specifications/specs/configuration_files_specification/
agetty uses netlink to get network interface information for issue file output.
The libsmartcols-based tools with JSON support can now produce additional JSON formats. The output format may be changed by the LIBSMARTCOLS_JSON={lines,compact} environment variable.
column(1) now supports colors.
New command copyfilerange(1) to copy file ranges using the copy_file_range() syscall.
New command getino(1) to print the unique inode number associated with a process file descriptor or namespace for a given PID.
fadvise(1) now supports --fd to address a file by file descriptor rather than by path.
fallocate(1) now supports --report-holes to scan the file and report the distribution of holes.
A significant performance regression has been fixed in hardlink(1).
hardlink(1) now supports FIEMAP-based sparse file optimization.
kill(1), waitpid(1) and nsenter(1) now support the PID:INO convention to precisely address processes.
mount(8) now supports --beneath to atomically replace a filesystem at a mountpoint.
mount(8) now supports --exclusive to ensure that the filesystem is mounted as a unique instance and that the superblock is not reused by the kernel.
libmount now reads filesystem information from udevd (with fallback to classic libblkid-based detection). This feature can be disabled by --disable-libmount-udev-support.
setarch(8) now supports --pid to show the personality of a specified process.
The pager support for tools like "dmesg -H" has been improved to work better with signals.
losetup(8) now supports --remove to remove a loop device node from the system.
lsblk(8), lslocks(8), lsmem(1) and lsclocks(1) support the <NAME>_COLUMNS environment variable to specify output columns as an alternative to --output.
lsfd(1) now supports new UNIX.IPEER, PACKET.PROTOCOL.RAW and TUN.DEVNETNS columns.
setpriv(1) now supports landlock via --landlock-access and --landlock-rule options.
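
For the CWE-190 item under "Security fixes" above, the following added example (not libblkid's code and not its actual fix) shows how a 32-bit sector sum in an EBR chain can wrap to sector 0, and a walker that rejects such a chain. It assumes the usual MBR convention that a logical partition's start is relative to its EBR and the next-EBR link is relative to the extended partition; the struct, function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* One EBR reduced to the two LBA fields used here (constructed layout):
 * data_rel = logical partition start, relative to this EBR's own sector;
 * next_rel = next EBR, relative to the extended partition (0 = end). */
struct ebr { uint32_t data_rel, next_rel; };

/* Unchecked: uint32_t addition silently wraps modulo 2^32. */
static uint32_t abs_start_unchecked(uint32_t base, uint32_t rel) { return base + rel; }
/* Checked: add in 64 bits, then require a valid 32-bit LBA that lies
 * inside the extended partition. Returns 0 on success, -1 otherwise. */
static int abs_start_checked(uint32_t base, uint32_t rel, uint32_t ex_start,
                             uint32_t ex_size, uint32_t *out)
{
    uint64_t lba = (uint64_t)base + rel;
    uint64_t ex_end = (uint64_t)ex_start + ex_size;
    if (lba > UINT32_MAX || lba < ex_start || lba >= ex_end)
        return -1;
    *out = (uint32_t)lba;
    return 0;
}

/* Walk EBRs supplied in chain order (starts must have room for n entries).
 * Returns the number of logical partitions accepted, or -1 as soon as a
 * computed sector fails the checks. */
int walk_ebr_chain(const struct ebr *chain, size_t n, uint32_t ex_start,
                   uint32_t ex_size, uint32_t *starts)
{
    uint32_t cur = ex_start;   /* the first EBR sits at ex_start */
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (abs_start_checked(cur, chain[i].data_rel, ex_start, ex_size, &starts[count]))
            return -1;
        count++;
        if (chain[i].next_rel == 0)
            break;
        if (abs_start_checked(ex_start, chain[i].next_rel, ex_start, ex_size, &cur))
            return -1;
    }
    return count;
}

int main(void)
{
    struct ebr bad[] = { { 0x800u, 0 } };   /* constructed sample values */
    uint32_t starts[1];
    printf("unchecked: %u\n", (unsigned)abs_start_unchecked(0xFFFFF800u, 0x800u));
    printf("checked:   %d\n", walk_ebr_chain(bad, 1, 0xFFFFF800u, 0x400u, starts));
}
```

When checking a disk image before it reaches an auto-mounter, a logical partition reported at sector 0 or outside the extended partition's range is the symptom this check looks for.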
