[ubuntu/jammy-proposed] util-linux 2.37.2-4ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 16 12:53:14 UTC 2022 

util-linux (2.37.2-4ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: Unauthorized unmount of FUSE filesystems belonging to
    users with similar uid
    - debian/patches/upstream/CVE-2021-3995-1.patch: make sure mem2strcpy()
      buffer is zeroized in include/strutils.h.
    - debian/patches/upstream/CVE-2021-3995-2.patch: fix UID check for FUSE
      umount in libmount/src/context_umount.c, libmount/src/mountP.h,
      libmount/src/optstr.c.
    - CVE-2021-3995
  * SECURITY UPDATE: Unauthorized unmount in util-linux's libmount
    - debian/patches/upstream/CVE-2021-3996-1.patch: remove support for
      deleted mount table entries in libmount/src/tab_parse.c.
    - debian/patches/upstream/CVE-2021-3996-2.patch: update mountinfo files
      in tests/*.
    - CVE-2021-3996

Date: Wed, 16 Feb 2022 07:21:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/util-linux/2.37.2-4ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 16 Feb 2022 07:21:37 -0500
Source: util-linux
Built-For-Profiles: noudeb
Architecture: source
Version: 2.37.2-4ubuntu2
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 util-linux (2.37.2-4ubuntu2) jammy; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized unmount of FUSE filesystems belonging to
     users with similar uid
     - debian/patches/upstream/CVE-2021-3995-1.patch: make sure mem2strcpy()
       buffer is zeroized in include/strutils.h.
     - debian/patches/upstream/CVE-2021-3995-2.patch: fix UID check for FUSE
       umount in libmount/src/context_umount.c, libmount/src/mountP.h,
       libmount/src/optstr.c.
     - CVE-2021-3995
   * SECURITY UPDATE: Unauthorized unmount in util-linux's libmount
     - debian/patches/upstream/CVE-2021-3996-1.patch: remove support for
       deleted mount table entries in libmount/src/tab_parse.c.
     - debian/patches/upstream/CVE-2021-3996-2.patch: update mountinfo files
       in tests/*.
     - CVE-2021-3996
Checksums-Sha1:
 be9a91bf3544e5dcd3be1e8630a4922206bdbf18 4542 util-linux_2.37.2-4ubuntu2.dsc
 9e7f1297b47e64c62d190ac3856747ff138d56c4 106144 util-linux_2.37.2-4ubuntu2.debian.tar.xz
 5d1e4d80c880b8a6e07f61c13e75867c1feb96ff 8138 util-linux_2.37.2-4ubuntu2_source.buildinfo
Checksums-Sha256:
 efdca0fbf6e9ee1e23563cb25d1716762ce302f7e5a9f95c788c605a8b3c66d3 4542 util-linux_2.37.2-4ubuntu2.dsc
 a6571c7c939cf968e32efeec0444a2107296a1c4a4dcc7ee9791e440be5b9bfb 106144 util-linux_2.37.2-4ubuntu2.debian.tar.xz
 c6d00759b61c0108935f4ef96fe0166f2395c8859200c77c5fe4f090762a4edd 8138 util-linux_2.37.2-4ubuntu2_source.buildinfo
Files:
 9e273f38379d79efa85d728ea40186e5 4542 base required util-linux_2.37.2-4ubuntu2.dsc
 8945b99263ecb531d2323dc1662f48e9 106144 base required util-linux_2.37.2-4ubuntu2.debian.tar.xz
 bed51d9b8069d67bf9114fa9a5a525d5 8138 base required util-linux_2.37.2-4ubuntu2_source.buildinfo
Original-Maintainer: util-linux packagers <util-linux at packages.debian.org>

More information about the jammy-changes mailing list