From cab34278595bf6053dfc56885d5010c1f9dde0a8a0cfa5e96a36d4858478dacc Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 24 Jan 2022 22:38:41 +0000 Subject: [PATCH] Accepting request 948494 from home:dirkmueller:Factory - update to 2.37.3 (bsc#1194976): This release fixes two security mount(8) and umount(8) issues: * CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. * CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. OBS-URL: https://build.opensuse.org/request/show/948494 OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=460 --- python3-libmount.spec | 4 ++-- util-linux-2.37.2.tar.sign | 16 ---------------- util-linux-2.37.2.tar.xz | 3 --- util-linux-2.37.3.tar.sign | 16 ++++++++++++++++ util-linux-2.37.3.tar.xz | 3 +++ util-linux-systemd.spec | 4 ++-- util-linux.changes | 13 +++++++++++++ util-linux.spec | 4 ++-- 8 files changed, 38 insertions(+), 25 deletions(-) delete mode 100644 util-linux-2.37.2.tar.sign delete mode 100644 util-linux-2.37.2.tar.xz create mode 100644 util-linux-2.37.3.tar.sign create mode 100644 util-linux-2.37.3.tar.xz diff --git a/python3-libmount.spec b/python3-libmount.spec index 9ceef93..73e0810 100644 --- a/python3-libmount.spec +++ b/python3-libmount.spec @@ -1,7 +1,7 @@ # # spec file for package python3-libmount # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.2 +Version: 2.37.3 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz diff --git a/util-linux-2.37.2.tar.sign b/util-linux-2.37.2.tar.sign deleted file mode 100644 index ac75b1c..0000000 --- a/util-linux-2.37.2.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmEaadwACgkQ5LcdXuw5 -woTRVg//bg/LYBhHKj9o8YfF3EIrQcySrL9hkZ0DnRT2tDEhuGSBZ0SrDI+8KSFn -iAxpGSOwVOlPk9M6E5LGb2BrVwtELtug+DymrNXRgx9TPZvch1Ti5qKDSPj9xPqF -OdRv1+gL6aeaEz+d0FJUUkYtWMXsc/PeZe11BokEfj6To+7D7poZnUL2QiKnl+w4 -omyJMpjUrWW+zwWEdDnWWhM9VdxkU/10QOFdb2NibV6kzpdhf80IDfj/PAKXcpNA -CqNKUlMmC2qADWurl1DlY9279z8dRPD/u7CtUpdr4MN/lk/5uRNIwBmVId5axySJ -jWtgYjtsaarELgRGBIYzFR6tsTfuaLn5/ElefSwzdnQh/4jfarEKHTYo/QULFx8/ -pXvJVEetQ7GzCduWiEJfQhUcoPY8GmeQcZAj0QyyAvArUc7LwTVDWeh2pNgf6XBR -y3zKUQv6PURFEcvz9625I9iXwtouXRuhz8bx6+ON7eNHE0g7PpZVIGkH3cH4/sCy -XW36piWAi3W6wbaHnI3EMErGtg9IIT2gQS4HKgB05pq7qHdByPDVRqbXUrgZQj5x -umZqCU28/EEtVvO8oJlysycn7nfx1k1S7mvqidmZhndwZrvkKznfq1as+z/bvVwJ -Qi7QUyNlbgwLHKv37vEmOQESRLZ4k3qCPjRe7mj+6TuS2bWUXvM= -=nxA9 ------END PGP SIGNATURE----- diff --git a/util-linux-2.37.2.tar.xz b/util-linux-2.37.2.tar.xz deleted file mode 100644 index 9dd6704..0000000 --- a/util-linux-2.37.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6a0764c1aae7fb607ef8a6dd2c0f6c47d5e5fd27aa08820abaad9ec14e28e9d9 -size 5621624 diff --git a/util-linux-2.37.3.tar.sign b/util-linux-2.37.3.tar.sign new file mode 100644 index 0000000..8b64c34 --- /dev/null +++ b/util-linux-2.37.3.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5 +woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr +FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j +KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa +DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF +N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY +UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG +DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f +S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ +Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP +IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a +zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg= +=Dk1+ +-----END PGP SIGNATURE----- diff --git a/util-linux-2.37.3.tar.xz b/util-linux-2.37.3.tar.xz new file mode 100644 index 0000000..4e9db72 --- /dev/null +++ b/util-linux-2.37.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:590c592e58cd6bf38519cb467af05ce6a1ab18040e3e3418f24bcfb2f55f9776 +size 6126260 diff --git a/util-linux-systemd.spec b/util-linux-systemd.spec index 4ead586..b90f49c 100644 --- a/util-linux-systemd.spec +++ b/util-linux-systemd.spec @@ -1,7 +1,7 @@ # # spec file for package util-linux-systemd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.2 +Version: 2.37.3 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz diff --git a/util-linux.changes b/util-linux.changes index 79a181c..c870c73 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller + +- update to 2.37.3 (bsc#1194976): + This release fixes two security mount(8) and umount(8) issues: + * CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + ------------------------------------------------------------------- Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec diff --git a/util-linux.spec b/util-linux.spec index b9561b3..49bcad5 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1,7 +1,7 @@ # # spec file for package util-linux # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.2 +Version: 2.37.3 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz