[ubuntu/impish-security] util-linux 2.36.1-8ubuntu2.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Feb 9 13:21:35 UTC 2022
util-linux (2.36.1-8ubuntu2.2) impish-security; urgency=medium
* SECURITY UPDATE: Unauthorized unmount of FUSE filesystems belonging to
users with similar uid
- debian/patches/upstream/CVE-2021-3995-1.patch: make sure mem2strcpy()
buffer is zeroized in include/strutils.h.
- debian/patches/upstream/CVE-2021-3995-2.patch: fix UID check for FUSE
umount in libmount/src/context_umount.c, libmount/src/mountP.h,
libmount/src/optstr.c.
- CVE-2021-3995
* SECURITY UPDATE: Unauthorized unmount in util-linux's libmount
- debian/patches/upstream/CVE-2021-3996-1.patch: remove support for
deleted mount table entries in libmount/src/tab_parse.c.
- debian/patches/upstream/CVE-2021-3996-2.patch: update mountinfo files
in tests/*.
- CVE-2021-3996
Date: 2022-02-08 13:57:13.962492+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/util-linux/2.36.1-8ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list