libblkid-devel-2.28.2-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10279-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libblkid-devel-2.28.2-2.1 on GA media These are all security issues fixed in the libblkid-devel-2.28.2-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10279 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-0157/ SUSE CVE CVE-2013-0157 page https://www.suse.com/security/cve/CVE-2014-9114/ SUSE CVE CVE-2014-9114 page https://www.suse.com/security/cve/CVE-2015-5218/ SUSE CVE CVE-2015-5218 page https://www.suse.com/security/cve/CVE-2016-2779/ SUSE CVE CVE-2016-2779 page openSUSE Tumbleweed libblkid-devel-2.28.2-2.1 libblkid-devel-32bit-2.28.2-2.1 libblkid-devel-static-2.28.2-2.1 libblkid1-2.28.2-2.1 libblkid1-32bit-2.28.2-2.1 libfdisk-devel-2.28.2-2.1 libfdisk-devel-static-2.28.2-2.1 libfdisk1-2.28.2-2.1 libmount-devel-2.28.2-2.1 libmount-devel-32bit-2.28.2-2.1 libmount-devel-static-2.28.2-2.1 libmount1-2.28.2-2.1 libmount1-32bit-2.28.2-2.1 libsmartcols-devel-2.28.2-2.1 libsmartcols-devel-static-2.28.2-2.1 libsmartcols1-2.28.2-2.1 libuuid-devel-2.28.2-2.1 libuuid-devel-32bit-2.28.2-2.1 libuuid-devel-static-2.28.2-2.1 libuuid1-2.28.2-2.1 libuuid1-32bit-2.28.2-2.1 python-libmount-2.28.2-2.1 util-linux-2.28.2-2.1 util-linux-lang-2.28.2-2.1 util-linux-systemd-2.28.2-2.1 uuidd-2.28.2-2.1 libblkid-devel-2.28.2-2.1 as a component of openSUSE Tumbleweed libblkid-devel-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed libblkid-devel-static-2.28.2-2.1 as a component of openSUSE Tumbleweed libblkid1-2.28.2-2.1 as a component of openSUSE Tumbleweed libblkid1-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed libfdisk-devel-2.28.2-2.1 as a component of openSUSE Tumbleweed libfdisk-devel-static-2.28.2-2.1 as a component of openSUSE Tumbleweed libfdisk1-2.28.2-2.1 as a component of openSUSE Tumbleweed libmount-devel-2.28.2-2.1 as a component of openSUSE Tumbleweed libmount-devel-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed libmount-devel-static-2.28.2-2.1 as a component of openSUSE Tumbleweed libmount1-2.28.2-2.1 as a component of openSUSE Tumbleweed libmount1-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed libsmartcols-devel-2.28.2-2.1 as a component of openSUSE Tumbleweed libsmartcols-devel-static-2.28.2-2.1 as a component of openSUSE Tumbleweed libsmartcols1-2.28.2-2.1 as a component of openSUSE Tumbleweed libuuid-devel-2.28.2-2.1 as a component of openSUSE Tumbleweed libuuid-devel-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed libuuid-devel-static-2.28.2-2.1 as a component of openSUSE Tumbleweed libuuid1-2.28.2-2.1 as a component of openSUSE Tumbleweed libuuid1-32bit-2.28.2-2.1 as a component of openSUSE Tumbleweed python-libmount-2.28.2-2.1 as a component of openSUSE Tumbleweed util-linux-2.28.2-2.1 as a component of openSUSE Tumbleweed util-linux-lang-2.28.2-2.1 as a component of openSUSE Tumbleweed util-linux-systemd-2.28.2-2.1 as a component of openSUSE Tumbleweed uuidd-2.28.2-2.1 as a component of openSUSE Tumbleweed (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. CVE-2013-0157 openSUSE Tumbleweed:libblkid-devel-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libfdisk1-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libmount1-2.28.2-2.1 openSUSE Tumbleweed:libmount1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols1-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:python-libmount-2.28.2-2.1 openSUSE Tumbleweed:util-linux-2.28.2-2.1 openSUSE Tumbleweed:util-linux-lang-2.28.2-2.1 openSUSE Tumbleweed:util-linux-systemd-2.28.2-2.1 openSUSE Tumbleweed:uuidd-2.28.2-2.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0157.html CVE-2013-0157 https://bugzilla.suse.com/797002 SUSE Bug 797002 Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVE-2014-9114 openSUSE Tumbleweed:libblkid-devel-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libfdisk1-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libmount1-2.28.2-2.1 openSUSE Tumbleweed:libmount1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols1-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:python-libmount-2.28.2-2.1 openSUSE Tumbleweed:util-linux-2.28.2-2.1 openSUSE Tumbleweed:util-linux-lang-2.28.2-2.1 openSUSE Tumbleweed:util-linux-systemd-2.28.2-2.1 openSUSE Tumbleweed:uuidd-2.28.2-2.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9114.html CVE-2014-9114 https://bugzilla.suse.com/907434 SUSE Bug 907434 https://bugzilla.suse.com/908742 SUSE Bug 908742 Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. CVE-2015-5218 openSUSE Tumbleweed:libblkid-devel-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libfdisk1-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libmount1-2.28.2-2.1 openSUSE Tumbleweed:libmount1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols1-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:python-libmount-2.28.2-2.1 openSUSE Tumbleweed:util-linux-2.28.2-2.1 openSUSE Tumbleweed:util-linux-lang-2.28.2-2.1 openSUSE Tumbleweed:util-linux-systemd-2.28.2-2.1 openSUSE Tumbleweed:uuidd-2.28.2-2.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5218.html CVE-2015-5218 https://bugzilla.suse.com/949754 SUSE Bug 949754 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. CVE-2016-2779 openSUSE Tumbleweed:libblkid-devel-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libblkid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-2.28.2-2.1 openSUSE Tumbleweed:libblkid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-2.28.2-2.1 openSUSE Tumbleweed:libfdisk-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libfdisk1-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libmount-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libmount1-2.28.2-2.1 openSUSE Tumbleweed:libmount1-32bit-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libsmartcols1-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-32bit-2.28.2-2.1 openSUSE Tumbleweed:libuuid-devel-static-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-2.28.2-2.1 openSUSE Tumbleweed:libuuid1-32bit-2.28.2-2.1 openSUSE Tumbleweed:python-libmount-2.28.2-2.1 openSUSE Tumbleweed:util-linux-2.28.2-2.1 openSUSE Tumbleweed:util-linux-lang-2.28.2-2.1 openSUSE Tumbleweed:util-linux-systemd-2.28.2-2.1 openSUSE Tumbleweed:uuidd-2.28.2-2.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2779.html CVE-2016-2779 https://bugzilla.suse.com/1000998 SUSE Bug 1000998 https://bugzilla.suse.com/1018892 SUSE Bug 1018892 https://bugzilla.suse.com/946429 SUSE Bug 946429 https://bugzilla.suse.com/968375 SUSE Bug 968375 https://bugzilla.suse.com/968674 SUSE Bug 968674 https://bugzilla.suse.com/968675 SUSE Bug 968675