From: Hauke Mehrtens Date: Sat, 29 Jan 2022 11:01:19 +0000 (+0100) Subject: util-linux: Update to version 2.37.3 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=18c6b99666acc98238013b081b9cdaf2ab4d06d9;p=openwrt%2Fstaging%2Fblocktrron.git util-linux: Update to version 2.37.3 This release fixes two security mount(8) and umount(8) issues: CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. Signed-off-by: Hauke Mehrtens --- diff --git a/package/utils/util-linux/Makefile b/package/utils/util-linux/Makefile index a532aaf769..f2d58b413f 100644 --- a/package/utils/util-linux/Makefile +++ b/package/utils/util-linux/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=util-linux -PKG_VERSION:=2.37 +PKG_VERSION:=2.37.3 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/$(PKG_NAME)/v2.37 -PKG_HASH:=bd07b7e98839e0359842110525a3032fdb8eaf3a90bedde3dd1652d32d15cce5 +PKG_HASH:=590c592e58cd6bf38519cb467af05ce6a1ab18040e3e3418f24bcfb2f55f9776 PKG_CPE_ID:=cpe:/a:kernel:util-linux PKG_LICENSE:=GPL-2.0-only