A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code.
|Package||sys-apps/util-linux on all architectures|
|Affected versions||< 2.30.2-r1|
|Unaffected versions||>= 2.30.2-r1|
util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems.
It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths.
An attacker controlling a volume label could entice a user with privileges to mount/umount filesystems to use umount command with auto completion, possibly resulting in execution of arbitrary code with root privileges.
Disable Bash-completion or remove “/usr/share/bash-completion/completions/umount”.
All util-linux users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.30.2-r1"
March 07, 2018
March 07, 2018: 1