Security
Security
A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code.
| Package | sys-apps/util-linux on all architectures |
|---|---|
| Affected versions | < 2.30.2-r1 |
| Unaffected versions | >= 2.30.2-r1 |
util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems.
It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths.
An attacker controlling a volume label could entice a user with privileges to mount/umount filesystems to use umount command with auto completion, possibly resulting in execution of arbitrary code with root privileges.
Disable Bash-completion or remove “/usr/share/bash-completion/completions/umount”.
All util-linux users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.30.2-r1"
Release date
March 07, 2018
Latest revision
March 07, 2018: 1
Severity
high
Exploitable
local, remote
Bugzilla entries