| Summary: | <sys-apps/util-linux-2.26: command injection flaw in blkid | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | base-system |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc | ||
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1168485 | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
Redhat patches this in util-linux-2.24.2-2.fc20. Maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not. Does anyone know if this is fixed in 2.25.2 or 2.26? Is sys-apps/util-linux-2.26 fix the issue and is ready for stabilization? This issue was resolved and addressed in GLSA 201612-14 at https://security.gentoo.org/glsa/201612-14 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (for example, when running blkid on a malicious USB drive): http://www.openwall.com/lists/oss-security/2014/11/26/13 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.