Debian Security Advisory 5055-1

Debian Security Advisory 5055-1: Posted Jan 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5055-1 - The Qualys Research Labs discovered two vulnerabilities in util-linux's libmount. These flaws allow an unprivileged user to unmount other users' filesystems that are either world-writable themselves or mounted in a world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems that belong to certain other users (CVE-2021-3995).; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2021-3995, CVE-2021-3996; SHA-256 | 791b25c542fdcab603dca3ab8f37b4738bb5bc7396bcf1400359e043d9abc116; Download | Favorite | View

Debian Security Advisory 5055-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5055-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 24, 2022                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : util-linux
CVE ID         : CVE-2021-3995 CVE-2021-3996

The Qualys Research Labs discovered two vulnerabilities in util-linux's
libmount. These flaws allow an unprivileged user to unmount other users'
filesystems that are either world-writable themselves or mounted in a
world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems
that belong to certain other users (CVE-2021-3995).

For the stable distribution (bullseye), these problems have been fixed in
version 2.36.1-8+deb11u1.

We recommend that you upgrade your util-linux packages.

For the detailed security status of util-linux please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/util-linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHujUNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TD/BAAmjdIgQgYI0Bc7fcp4tMNHOADXbn5cJysAee0P55kb863q5TM49DzbHuB
Xh5Fh7+f4O/rDUXZoW/2hm43pbwDs8EH8LGYjTkspHraRkFEq7mLR6753SIVXHTP
U/k9eShfgqRggCq7OTiALBXC00yMNn75PGsd5GPKEv2egSG34+bdp2RPnKc+R7cC
yLkwuN6oNq0+KW08HzQp6FSYX7V+a8gsO2QWdlgAuXQC4ICCtYV1jtYn/GJ2SB6E
E98nNIUBSR5sf8bXKDpPTrxvbAF1Y0719A7MwGnZS9bNVIBMlx0tNHSCddLrE6/F
BMHSyvTQo+xLs5t+Esxb2rfsjuOlrbwte++8GR/LnVr/Zi/vVrzkccwneQlhHPzp
Ok8fJ7ipEVbpBWyWdomsQXb8y7o8RFHr9P374JmCQE/urMaOHq1Lc7C9ctVJ5VHb
3+BV/FpMAvY6KekNqriSiX9aXXfWr4HQr7OO6rlz84/rC7wlVpYOx4TRaRGPQPyD
STfa8W1shaMlxgL9zgmAtgCu4nNOR4BqVi5ZbuxY8sdbBM7tFD4DuD6sIhNAFadL
pIpbvGte7FFHci4vQX/TEZVUGP0yqbNkvuScvT9k9ca/vytJ+9JZf4BUjGF/tO7C
HS76o443AhdoYbCm7xtQHf2sm3eqPY6ULXTBZmLgVN3q6jWiyhQ=
=lcvO
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 5055-1

Debian Security Advisory 5055-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5055-1

Share This

Debian Security Advisory 5055-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems