1
0
forked from pool/util-linux

Accepting request 948494 from home:dirkmueller:Factory

- update to 2.37.3 (bsc#1194976):
  This release fixes two security mount(8) and umount(8) issues: 
  * CVE-2021-3996
    Improper UID check in libmount allows an unprivileged user to unmount FUSE
    filesystems of users with similar UID.
  * CVE-2021-3995
    This issue is related to parsing the /proc/self/mountinfo file allows an
    unprivileged user to unmount other user's filesystems that are either
    world-writable themselves or mounted in a world-writable directory.

OBS-URL: https://build.opensuse.org/request/show/948494
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=460
This commit is contained in:
Jan Engelhardt 2022-01-24 22:38:41 +00:00 committed by Git OBS Bridge
parent 2e15cdd619
commit cab3427859
8 changed files with 38 additions and 25 deletions

View File

@ -1,7 +1,7 @@
#
# spec file for package python3-libmount
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif
%endif
#END SECOND STAGE DEPENDENCIES
Version: 2.37.2
Version: 2.37.3
Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmEaadwACgkQ5LcdXuw5
woTRVg//bg/LYBhHKj9o8YfF3EIrQcySrL9hkZ0DnRT2tDEhuGSBZ0SrDI+8KSFn
iAxpGSOwVOlPk9M6E5LGb2BrVwtELtug+DymrNXRgx9TPZvch1Ti5qKDSPj9xPqF
OdRv1+gL6aeaEz+d0FJUUkYtWMXsc/PeZe11BokEfj6To+7D7poZnUL2QiKnl+w4
omyJMpjUrWW+zwWEdDnWWhM9VdxkU/10QOFdb2NibV6kzpdhf80IDfj/PAKXcpNA
CqNKUlMmC2qADWurl1DlY9279z8dRPD/u7CtUpdr4MN/lk/5uRNIwBmVId5axySJ
jWtgYjtsaarELgRGBIYzFR6tsTfuaLn5/ElefSwzdnQh/4jfarEKHTYo/QULFx8/
pXvJVEetQ7GzCduWiEJfQhUcoPY8GmeQcZAj0QyyAvArUc7LwTVDWeh2pNgf6XBR
y3zKUQv6PURFEcvz9625I9iXwtouXRuhz8bx6+ON7eNHE0g7PpZVIGkH3cH4/sCy
XW36piWAi3W6wbaHnI3EMErGtg9IIT2gQS4HKgB05pq7qHdByPDVRqbXUrgZQj5x
umZqCU28/EEtVvO8oJlysycn7nfx1k1S7mvqidmZhndwZrvkKznfq1as+z/bvVwJ
Qi7QUyNlbgwLHKv37vEmOQESRLZ4k3qCPjRe7mj+6TuS2bWUXvM=
=nxA9
-----END PGP SIGNATURE-----

BIN
util-linux-2.37.2.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5
woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr
FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j
KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa
DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF
N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY
UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG
DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f
S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ
Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP
IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a
zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg=
=Dk1+
-----END PGP SIGNATURE-----

BIN
util-linux-2.37.3.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,7 +1,7 @@
#
# spec file for package util-linux-systemd
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif
%endif
#END SECOND STAGE DEPENDENCIES
Version: 2.37.2
Version: 2.37.3
Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
-------------------------------------------------------------------
Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package util-linux
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif
%endif
#END SECOND STAGE DEPENDENCIES
Version: 2.37.2
Version: 2.37.3
Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz