From 80208fb578cf92cc308906660ca6d7860c6b2a1f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 9 Mar 2018 16:53:27 +0000 Subject: gentoo resync : 09.03.2018 --- metadata/glsa/glsa-201803-02.xml | 55 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 metadata/glsa/glsa-201803-02.xml (limited to 'metadata/glsa/glsa-201803-02.xml') diff --git a/metadata/glsa/glsa-201803-02.xml b/metadata/glsa/glsa-201803-02.xml new file mode 100644 index 000000000000..7251591aafb3 --- /dev/null +++ b/metadata/glsa/glsa-201803-02.xml @@ -0,0 +1,55 @@ + + + + util-linux: User-assisted execution of arbitrary code + A vulnerability was discovered in util-linux, which could + potentially lead to the execution of arbitrary code. + + util-linux + 2018-03-07 + 2018-03-07 + 649812 + local, remote + + + 2.30.2-r1 + 2.30.2-r1 + + + +

util-linux is a suite of Linux programs including mount and umount, + programs used to mount and unmount filesystems. +

+
+ +

It was discovered that the umount bash-completion as provided by + util-linux does not escap mount point paths. +

+
+ +

An attacker controlling a volume label could entice a user with + privileges to mount/umount filesystems to use umount command with auto + completion, possibly resulting in execution of arbitrary code with root + privileges. +

+
+ +

Disable Bash-completion or remove + “/usr/share/bash-completion/completions/umount”. +

+
+ +

All util-linux users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.30.2-r1" + + +
+ + CVE-2018-7738 + + whissi + whissi +
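Review bot: The description paragraph has a typo, "does not escap mount point paths", which should read "does not escape mount point paths". The impact paragraph speaks of an attacker "controlling a volume label" while the description speaks of unescaped "mount point paths", and the advisory never says how the label ends up in the path that completion processes; one linking sentence would make the chain readable without following the CVE-2018-7738 reference. In the workaround, the completion file path is wrapped in typographic quotes (“/usr/share/bash-completion/completions/umount”), which are copied along with the path when it is pasted into a shell; plain quotes or code markup would avoid that. The workaround also says "Disable Bash-completion" without saying how, so the file removal is the only actionable step as written.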
-- cgit v1.2.3