831978 – (CVE-2021-3995, CVE-2021-3996) <sys-apps/util-linux-2.37.3: multiple vulnerabilities

Bug 831978 (CVE-2021-3995, CVE-2021-3996) - <sys-apps/util-linux-2.37.3: multiple vulnerabilities

Summary: <sys-apps/util-linux-2.37.3: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2021-3995, CVE-2021-3996

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	A3 [glsa+]
Keywords:	PullRequest

Depends on:	831980
Blocks:
	Show dependency tree

Reported:	2022-01-24 15:03 UTC by John Helmert III
Modified:	2024-01-07 08:32 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/23940
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-01-24 15:03:41 UTC

URL describes two vulnerabilites whose impact is the ability for an unauthorized user to unmount.

Seemingly unreleased patches: 
https://github.com/util-linux/util-linux/commit/166e87368ae88bf31112a30e078cceae637f4cdb
https://github.com/util-linux/util-linux/commit/57202f5713afa2af20ffbb6ab5331481d0396f8d
https://github.com/util-linux/util-linux/commit/9c05f4b6bf62a20a64a8e5735c7f3dcf0229e895

Comment 1 Larry the Git Cow gentoo-dev

2022-01-24 16:02:48 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f5f2e564e448f86dee8c0271152c0dc47754d4

commit d5f5f2e564e448f86dee8c0271152c0dc47754d4
Author:     Mathieu Tortuyaux <mtortuyaux@microsoft.com>
AuthorDate: 2022-01-24 15:50:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-24 15:58:29 +0000

    sys-apps/util-linux: bump to version 2.37.3
    
    Bug: https://bugs.gentoo.org/831978
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
    Closes: https://github.com/gentoo/gentoo/pull/23940
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/util-linux/Manifest                       |   1 +
 .../util-linux-2.37.3-ioctl_ns-test-hang.patch     |  37 +++
 sys-apps/util-linux/util-linux-2.37.3.ebuild       | 317 +++++++++++++++++++++
 3 files changed, 355 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2022-01-24 16:08:37 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a614c66095fee76fc55e9fdea5b58e9bd39ef02

commit 5a614c66095fee76fc55e9fdea5b58e9bd39ef02
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-24 16:06:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-24 16:06:17 +0000

    sys-apps/util-linux: remove duplicate patch
    
    Bug: https://bugs.gentoo.org/831978
    Signed-off-by: Sam James <sam@gentoo.org>

 .../util-linux-2.37.3-ioctl_ns-test-hang.patch     | 37 ----------------------
 sys-apps/util-linux/util-linux-2.37.3.ebuild       |  2 +-
 2 files changed, 1 insertion(+), 38 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-07 08:30:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4e42800d2202837758726b7cc0f86440487fee40

commit 4e42800d2202837758726b7cc0f86440487fee40
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-07 08:30:19 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-07 08:30:48 +0000

    [ GLSA 202401-08 ] util-linux: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/806070
    Bug: https://bugs.gentoo.org/831978
    Bug: https://bugs.gentoo.org/833365
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-08.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)