Main Vulnerability Database SB2026012267

SB2026012267 - SUSE update for util-linux

Published: January 22, 2026

Security Bulletin ID SB2026012267

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Heap-based buffer overflow (CVE-ID: CVE-2025-14104)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing 256-byte usernames within the setpwnam() function. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

The vulnerability affects any SUID login-utils utility writing to password database.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260230-1/

Vulnerable Software

Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
libmount1-32bit-debuginfo: before 2.40.4-150700.4.3.1
libblkid1-32bit: before 2.40.4-150700.4.3.1
libuuid1-32bit-debuginfo: before 2.40.4-150700.4.3.1
libmount1-32bit: before 2.40.4-150700.4.3.1
libuuid1-32bit: before 2.40.4-150700.4.3.1
libblkid1-32bit-debuginfo: before 2.40.4-150700.4.3.1
util-linux-extra-debuginfo: before 2.40.4-150700.4.3.1
util-linux-extra: before 2.40.4-150700.4.3.1
util-linux-lang: before 2.40.4-150700.4.3.1
util-linux: before 2.40.4-150700.4.3.1
libsmartcols-devel: before 2.40.4-150700.4.3.1
libmount-devel: before 2.40.4-150700.4.3.1
libblkid-devel-static: before 2.40.4-150700.4.3.1
libmount1-debuginfo: before 2.40.4-150700.4.3.1
util-linux-systemd: before 2.40.4-150700.4.3.1
libmount1: before 2.40.4-150700.4.3.1
libsmartcols1: before 2.40.4-150700.4.3.1
libblkid1: before 2.40.4-150700.4.3.1
util-linux-debugsource: before 2.40.4-150700.4.3.1
libuuid-devel-static: before 2.40.4-150700.4.3.1
libfdisk1-debuginfo: before 2.40.4-150700.4.3.1
libsmartcols1-debuginfo: before 2.40.4-150700.4.3.1
libblkid1-debuginfo: before 2.40.4-150700.4.3.1
util-linux-debuginfo: before 2.40.4-150700.4.3.1
libfdisk-devel: before 2.40.4-150700.4.3.1
libuuid1-debuginfo: before 2.40.4-150700.4.3.1
util-linux-tty-tools: before 2.40.4-150700.4.3.1
libblkid-devel: before 2.40.4-150700.4.3.1
libfdisk1: before 2.40.4-150700.4.3.1
libuuid1: before 2.40.4-150700.4.3.1
util-linux-tty-tools-debuginfo: before 2.40.4-150700.4.3.1
libuuid-devel: before 2.40.4-150700.4.3.1
uuidd: before 2.40.4-150700.4.3.1
uuidd-debuginfo: before 2.40.4-150700.4.3.1
util-linux-systemd-debugsource: before 2.40.4-150700.4.3.1
util-linux-systemd-debuginfo: before 2.40.4-150700.4.3.1