Overview

File _patchinfo of Package patchinfo.7828

<patchinfo incident="7828">
  <issue tracker="bnc" id="1084300">VUL-0: CVE-2018-7738: util-linux: bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command</issue>
  <issue tracker="bnc" id="1080740">bind sub-mount-points being mounted again when using mount -av</issue>
  <issue tracker="bnc" id="1072947">util-linux-2.28-44.14.2.x86_64 lscpu(1) hangs on invocation</issue>
  <issue tracker="bnc" id="1078662">lsblk is not listing the NVME devices on SLES 15</issue>
  <issue tracker="cve" id="2018-7738"/>
  <category>security</category>
  <rating>important</rating>
  <packager>sbrabec</packager>
  <description>This update for util-linux fixes the following issues:

This non-security issue was fixed:

- CVE-2018-7738: bash-completion/umount allowed local users to gain privileges
  by embedding shell commands in a mountpoint name, which was mishandled during a
  umount command by a different user (bsc#1084300).

These non-security issues were fixed:

- Fixed crash loop in lscpu (bsc#1072947).
- Fixed possible segfault of umount -a
- Fixed mount -a on NFS bind mounts (bsc#1080740).
- Fixed lsblk on NVMe (bsc#1078662).
  </description>
  <summary>Security update for util-linux</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places