From 18c6b99666acc98238013b081b9cdaf2ab4d06d9 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sat, 29 Jan 2022 12:01:19 +0100 Subject: [PATCH] util-linux: Update to version 2.37.3 This release fixes two security mount(8) and umount(8) issues: CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. Signed-off-by: Hauke Mehrtens --- package/utils/util-linux/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/utils/util-linux/Makefile b/package/utils/util-linux/Makefile index a532aaf769..f2d58b413f 100644 --- a/package/utils/util-linux/Makefile +++ b/package/utils/util-linux/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=util-linux -PKG_VERSION:=2.37 +PKG_VERSION:=2.37.3 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/$(PKG_NAME)/v2.37 -PKG_HASH:=bd07b7e98839e0359842110525a3032fdb8eaf3a90bedde3dd1652d32d15cce5 +PKG_HASH:=590c592e58cd6bf38519cb467af05ce6a1ab18040e3e3418f24bcfb2f55f9776 PKG_CPE_ID:=cpe:/a:kernel:util-linux PKG_LICENSE:=GPL-2.0-only -- 2.30.2