libblkid-devel-2.37.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11915 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libblkid-devel-2.37.4-1.1 on GA media These are all security issues fixed in the libblkid-devel-2.37.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11915 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11915 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0563/ SUSE CVE CVE-2022-0563 page openSUSE Tumbleweed libblkid-devel-2.37.4-1.1 libblkid-devel-32bit-2.37.4-1.1 libblkid-devel-static-2.37.4-1.1 libblkid1-2.37.4-1.1 libblkid1-32bit-2.37.4-1.1 libfdisk-devel-2.37.4-1.1 libfdisk-devel-32bit-2.37.4-1.1 libfdisk-devel-static-2.37.4-1.1 libfdisk1-2.37.4-1.1 libfdisk1-32bit-2.37.4-1.1 libmount-devel-2.37.4-1.1 libmount-devel-32bit-2.37.4-1.1 libmount-devel-static-2.37.4-1.1 libmount1-2.37.4-1.1 libmount1-32bit-2.37.4-1.1 libsmartcols-devel-2.37.4-1.1 libsmartcols-devel-32bit-2.37.4-1.1 libsmartcols-devel-static-2.37.4-1.1 libsmartcols1-2.37.4-1.1 libsmartcols1-32bit-2.37.4-1.1 libuuid-devel-2.37.4-1.1 libuuid-devel-32bit-2.37.4-1.1 libuuid-devel-static-2.37.4-1.1 libuuid1-2.37.4-1.1 libuuid1-32bit-2.37.4-1.1 util-linux-2.37.4-1.1 util-linux-lang-2.37.4-1.1 libblkid-devel-2.37.4-1.1 as a component of openSUSE Tumbleweed libblkid-devel-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libblkid-devel-static-2.37.4-1.1 as a component of openSUSE Tumbleweed libblkid1-2.37.4-1.1 as a component of openSUSE Tumbleweed libblkid1-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libfdisk-devel-2.37.4-1.1 as a component of openSUSE Tumbleweed libfdisk-devel-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libfdisk-devel-static-2.37.4-1.1 as a component of openSUSE Tumbleweed libfdisk1-2.37.4-1.1 as a component of openSUSE Tumbleweed libfdisk1-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libmount-devel-2.37.4-1.1 as a component of openSUSE Tumbleweed libmount-devel-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libmount-devel-static-2.37.4-1.1 as a component of openSUSE Tumbleweed libmount1-2.37.4-1.1 as a component of openSUSE Tumbleweed libmount1-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libsmartcols-devel-2.37.4-1.1 as a component of openSUSE Tumbleweed libsmartcols-devel-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libsmartcols-devel-static-2.37.4-1.1 as a component of openSUSE Tumbleweed libsmartcols1-2.37.4-1.1 as a component of openSUSE Tumbleweed libsmartcols1-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libuuid-devel-2.37.4-1.1 as a component of openSUSE Tumbleweed libuuid-devel-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed libuuid-devel-static-2.37.4-1.1 as a component of openSUSE Tumbleweed libuuid1-2.37.4-1.1 as a component of openSUSE Tumbleweed libuuid1-32bit-2.37.4-1.1 as a component of openSUSE Tumbleweed util-linux-2.37.4-1.1 as a component of openSUSE Tumbleweed util-linux-lang-2.37.4-1.1 as a component of openSUSE Tumbleweed A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. CVE-2022-0563 openSUSE Tumbleweed:libblkid-devel-2.37.4-1.1 openSUSE Tumbleweed:libblkid-devel-32bit-2.37.4-1.1 openSUSE Tumbleweed:libblkid-devel-static-2.37.4-1.1 openSUSE Tumbleweed:libblkid1-2.37.4-1.1 openSUSE Tumbleweed:libblkid1-32bit-2.37.4-1.1 openSUSE Tumbleweed:libfdisk-devel-2.37.4-1.1 openSUSE Tumbleweed:libfdisk-devel-32bit-2.37.4-1.1 openSUSE Tumbleweed:libfdisk-devel-static-2.37.4-1.1 openSUSE Tumbleweed:libfdisk1-2.37.4-1.1 openSUSE Tumbleweed:libfdisk1-32bit-2.37.4-1.1 openSUSE Tumbleweed:libmount-devel-2.37.4-1.1 openSUSE Tumbleweed:libmount-devel-32bit-2.37.4-1.1 openSUSE Tumbleweed:libmount-devel-static-2.37.4-1.1 openSUSE Tumbleweed:libmount1-2.37.4-1.1 openSUSE Tumbleweed:libmount1-32bit-2.37.4-1.1 openSUSE Tumbleweed:libsmartcols-devel-2.37.4-1.1 openSUSE Tumbleweed:libsmartcols-devel-32bit-2.37.4-1.1 openSUSE Tumbleweed:libsmartcols-devel-static-2.37.4-1.1 openSUSE Tumbleweed:libsmartcols1-2.37.4-1.1 openSUSE Tumbleweed:libsmartcols1-32bit-2.37.4-1.1 openSUSE Tumbleweed:libuuid-devel-2.37.4-1.1 openSUSE Tumbleweed:libuuid-devel-32bit-2.37.4-1.1 openSUSE Tumbleweed:libuuid-devel-static-2.37.4-1.1 openSUSE Tumbleweed:libuuid1-2.37.4-1.1 openSUSE Tumbleweed:libuuid1-32bit-2.37.4-1.1 openSUSE Tumbleweed:util-linux-2.37.4-1.1 openSUSE Tumbleweed:util-linux-lang-2.37.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0563.html CVE-2022-0563 https://bugzilla.suse.com/1196241 SUSE Bug 1196241