Security update for util-linux
This update for util-linux fixes the following issues:
This non-security issue was fixed:
- CVE-2018-7738: bash-completion/umount allowed local users to gain privileges
by embedding shell commands in a mountpoint name, which was mishandled during a
umount command by a different user (bsc#1084300).
These non-security issues were fixed:
- Fixed crash loop in lscpu (bsc#1072947).
- Fixed possible segfault of umount -a
- Fixed mount -a on NFS bind mounts (bsc#1080740).
- Fixed lsblk on NVMe (bsc#1078662).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Stanislav Brabec (sbrabec)
Fixed bugs
bnc#1084300
VUL-0: CVE-2018-7738: util-linux: bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command
bnc#1080740
bind sub-mount-points being mounted again when using mount -av
bnc#1072947
util-linux-2.28-44.14.2.x86_64 lscpu(1) hangs on invocation
bnc#1078662
lsblk is not listing the NVME devices on SLES 15
