Security update for util-linux SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1103-1 Final 1 1 2022-04-04T15:48:00Z current 2022-04-04T15:48:00Z 2022-04-04T15:48:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for util-linux This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Load /etc/default/su (bsc#1116347). - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix for warning on mounts to CIFS with mount. (bsc#1174942) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-1103,SUSE-SLE-SERVER-12-SP2-BCL-2022-1103 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221103-1/ Link for SUSE-SU-2022:1103-1 https://lists.suse.com/pipermail/sle-security-updates/2022-April/010652.html E-Mail link for SUSE-SU-2022:1103-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1038841 SUSE Bug 1038841 https://bugzilla.suse.com/1081947 SUSE Bug 1081947 https://bugzilla.suse.com/1082293 SUSE Bug 1082293 https://bugzilla.suse.com/1084671 SUSE Bug 1084671 https://bugzilla.suse.com/1085196 SUSE Bug 1085196 https://bugzilla.suse.com/1106214 SUSE Bug 1106214 https://bugzilla.suse.com/1116347 SUSE Bug 1116347 https://bugzilla.suse.com/1122417 SUSE Bug 1122417 https://bugzilla.suse.com/1125886 SUSE Bug 1125886 https://bugzilla.suse.com/1135534 SUSE Bug 1135534 https://bugzilla.suse.com/1135708 SUSE Bug 1135708 https://bugzilla.suse.com/1151708 SUSE Bug 1151708 https://bugzilla.suse.com/1168235 SUSE Bug 1168235 https://bugzilla.suse.com/1168389 SUSE Bug 1168389 https://bugzilla.suse.com/1169006 SUSE Bug 1169006 https://bugzilla.suse.com/1172427 SUSE Bug 1172427 https://bugzilla.suse.com/1174942 SUSE Bug 1174942 https://bugzilla.suse.com/1175514 SUSE Bug 1175514 https://bugzilla.suse.com/1175623 SUSE Bug 1175623 https://bugzilla.suse.com/1178236 SUSE Bug 1178236 https://bugzilla.suse.com/1178554 SUSE Bug 1178554 https://bugzilla.suse.com/1178825 SUSE Bug 1178825 https://bugzilla.suse.com/1188921 SUSE Bug 1188921 https://bugzilla.suse.com/1194642 SUSE Bug 1194642 https://www.suse.com/security/cve/CVE-2021-37600/ SUSE CVE CVE-2021-37600 page SUSE Linux Enterprise Server 12 SP2-BCL libblkid-devel-2.28-44.35.1 libblkid-devel-32bit-2.28-44.35.1 libblkid-devel-64bit-2.28-44.35.1 libblkid-devel-static-2.28-44.35.1 libblkid1-2.28-44.35.1 libblkid1-32bit-2.28-44.35.1 libblkid1-64bit-2.28-44.35.1 libfdisk-devel-2.28-44.35.1 libfdisk-devel-static-2.28-44.35.1 libfdisk1-2.28-44.35.1 libmount-devel-2.28-44.35.1 libmount-devel-32bit-2.28-44.35.1 libmount-devel-64bit-2.28-44.35.1 libmount-devel-static-2.28-44.35.1 libmount1-2.28-44.35.1 libmount1-32bit-2.28-44.35.1 libmount1-64bit-2.28-44.35.1 libsmartcols-devel-2.28-44.35.1 libsmartcols-devel-static-2.28-44.35.1 libsmartcols1-2.28-44.35.1 libuuid-devel-2.28-44.35.1 libuuid-devel-32bit-2.28-44.35.1 libuuid-devel-64bit-2.28-44.35.1 libuuid-devel-static-2.28-44.35.1 libuuid1-2.28-44.35.1 libuuid1-32bit-2.28-44.35.1 libuuid1-64bit-2.28-44.35.1 python-libmount-2.28-44.35.1 util-linux-2.28-44.35.1 util-linux-lang-2.28-44.35.1 util-linux-systemd-2.28-44.35.1 uuidd-2.28-44.35.1 libblkid1-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libblkid1-32bit-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libfdisk1-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libmount1-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libmount1-32bit-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libsmartcols1-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libuuid1-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libuuid1-32bit-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL python-libmount-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL util-linux-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL util-linux-lang-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL util-linux-systemd-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL uuidd-2.28-44.35.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. CVE-2021-37600 SUSE Linux Enterprise Server 12 SP2-BCL:libblkid1-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libblkid1-32bit-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libfdisk1-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libmount1-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libmount1-32bit-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libsmartcols1-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libuuid1-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:libuuid1-32bit-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:python-libmount-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:util-linux-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:util-linux-lang-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:util-linux-systemd-2.28-44.35.1 SUSE Linux Enterprise Server 12 SP2-BCL:uuidd-2.28-44.35.1 moderate 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221103-1/ https://www.suse.com/security/cve/CVE-2021-37600.html CVE-2021-37600 https://bugzilla.suse.com/1188921 SUSE Bug 1188921