Main Vulnerability Database SB2022030431

SB2022030431 - SUSE update for libeconf, shadow and util-linux

Published: March 4, 2022

Security Bulletin ID SB2022030431

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3995)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper parsing of the /proc/self/mountinfo file in libmount. A local user can unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-3996)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper UID check in libmount. A local user can unmount FUSE filesystems of users with similar UID.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20220727-1/

Vulnerable Software

SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Module for Transactional Server: 15-SP3
SUSE Linux Enterprise Desktop: 15-SP3
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
SUSE Linux Enterprise Micro: 5.1
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP3
SUSE Linux Enterprise Module for Server Applications: 15-SP3
util-linux-lang: before 2.36.2-150300.4.14.3
login_defs: before 4.8.1-150300.4.3.8
libuuid1-32bit-debuginfo: before 2.36.2-150300.4.14.3
libuuid1-32bit: before 2.36.2-150300.4.14.3
libmount1-32bit-debuginfo: before 2.36.2-150300.4.14.3
libmount1-32bit: before 2.36.2-150300.4.14.3
libblkid1-32bit-debuginfo: before 2.36.2-150300.4.14.3
libblkid1-32bit: before 2.36.2-150300.4.14.3
util-linux-systemd: before 2.36.2-150300.4.14.2
util-linux-debugsource: before 2.36.2-150300.4.14.3
util-linux-debuginfo: before 2.36.2-150300.4.14.3
util-linux: before 2.36.2-150300.4.14.3
shadow-debugsource: before 4.8.1-150300.4.3.8
shadow-debuginfo: before 4.8.1-150300.4.3.8
shadow: before 4.8.1-150300.4.3.8
libuuid1-debuginfo: before 2.36.2-150300.4.14.3
libuuid1: before 2.36.2-150300.4.14.3
libuuid-devel-static: before 2.36.2-150300.4.14.3
libuuid-devel: before 2.36.2-150300.4.14.3
libsmartcols1-debuginfo: before 2.36.2-150300.4.14.3
libsmartcols1: before 2.36.2-150300.4.14.3
libsmartcols-devel: before 2.36.2-150300.4.14.3
libmount1-debuginfo: before 2.36.2-150300.4.14.3
libmount1: before 2.36.2-150300.4.14.3
libmount-devel: before 2.36.2-150300.4.14.3
libfdisk1-debuginfo: before 2.36.2-150300.4.14.3
libfdisk1: before 2.36.2-150300.4.14.3
libfdisk-devel: before 2.36.2-150300.4.14.3
libblkid1-debuginfo: before 2.36.2-150300.4.14.3
libblkid1: before 2.36.2-150300.4.14.3
libblkid-devel-static: before 2.36.2-150300.4.14.3
libblkid-devel: before 2.36.2-150300.4.14.3
uuidd-debuginfo: before 2.36.2-150300.4.14.2
uuidd: before 2.36.2-150300.4.14.2
util-linux-systemd-debugsource: before 2.36.2-150300.4.14.2
util-linux-systemd-debuginfo: before 2.36.2-150300.4.14.2
libeconf0-debuginfo: before 0.4.4+git20220104.962774f-150300.3.6.2
libeconf0: before 0.4.4+git20220104.962774f-150300.3.6.2
libeconf-debugsource: before 0.4.4+git20220104.962774f-150300.3.6.2