Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.
721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77
Debian Linux Security Advisory 4134-1 - Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.
83b60daf457134ad19dfdbe3b0fbb827b9872307ec8d73874d18ff1123086aa2
Gentoo Linux Security Advisory 201803-2 - A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.30.2-r1 are affected.
c53758085963969a5d8d1cabb18a0b7ba4de041931b130bf072ccc778a2dae8b