Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package util-linux for openSUSE:Factory checked in at 2022-01-28 22:12:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/util-linux (Old) and /work/SRC/openSUSE:Factory/.util-linux.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "util-linux" Fri Jan 28 22:12:24 2022 rev:253 rq:948510 version:2.37.3 Changes: -------- util-linux-systemd.changes: same change --- /work/SRC/openSUSE:Factory/util-linux/util-linux.changes 2021-12-18 20:30:32.110252178 +0100 +++ /work/SRC/openSUSE:Factory/.util-linux.new.1898/util-linux.changes 2022-01-28 22:12:26.578928187 +0100 @@ -1,0 +2,13 @@ +Mon Jan 24 21:57:01 UTC 2022 - Dirk M??ller <dmuel...@suse.com> + +- update to 2.37.3 (bsc#1194976): + This release fixes two security mount(8) and umount(8) issues: + * CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + +------------------------------------------------------------------- Old: ---- util-linux-2.37.2.tar.sign util-linux-2.37.2.tar.xz New: ---- util-linux-2.37.3.tar.sign util-linux-2.37.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-libmount.spec ++++++ --- /var/tmp/diff_new_pack.nO4K95/_old 2022-01-28 22:12:30.342902431 +0100 +++ /var/tmp/diff_new_pack.nO4K95/_new 2022-01-28 22:12:30.350902376 +0100 @@ -1,7 +1,7 @@ # # spec file for package python3-libmount # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -125,7 +125,7 @@ %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.2 +Version: 2.37.3 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz util-linux-systemd.spec: same change ++++++ util-linux.spec ++++++ --- /var/tmp/diff_new_pack.nO4K95/_old 2022-01-28 22:12:30.418901911 +0100 +++ /var/tmp/diff_new_pack.nO4K95/_new 2022-01-28 22:12:30.422901884 +0100 @@ -1,7 +1,7 @@ # # spec file for package util-linux # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -125,7 +125,7 @@ %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.2 +Version: 2.37.3 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz ++++++ util-linux-2.37.2.tar.xz -> util-linux-2.37.3.tar.xz ++++++ ++++ 5875 lines of diff (skipped)
