DSA-4134-1 util-linux -- util-linuxID: oval:org.secpod.oval:def:603306 | Date: (C)2018-03-12 (M)2024-01-03 |
Class: PATCH | Family: unix |
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user is tricked into using the umount completion while a specially crafted mount is present.
Product: |
bsdutils |
libsmartcols1 |
libmount1 |
libsmartcols-dev |
libmount-dev |
uuid-runtime |
util-linux |
setpriv |
fdisk-udeb |
libfdisk1 |
libuuid1 |
libfdisk-dev |
uuid-dev |
libblkid1 |
mount |
libblkid-dev |