Your message dated Tue, 16 Dec 2025 20:41:26 +0000
with message-id <[email protected]>
and subject line Bug#1122058: fixed in util-linux 2.41.3-1
has caused the Debian Bug report #1122058,
regarding util-linux: CVE-2025-14104
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1122058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122058
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: util-linux
Version: 2.41.2-4
Severity: normal
Tags: security upstream
Forwarded: https://github.com/util-linux/util-linux/issues/3585
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for util-linux.

Mainly filing for tracking and marking the fix once it lands in
unstable.

CVE-2025-14104[0]:
| A flaw was found in util-linux. This vulnerability allows a heap
| buffer overread when processing 256-byte usernames, specifically
| within the `setpwnam()` function, affecting SUID (Set User ID)
| login-utils utilities writing to the password database.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-14104
    https://www.cve.org/CVERecord?id=CVE-2025-14104
[1] https://github.com/util-linux/util-linux/issues/3585
[2] https://github.com/util-linux/util-linux/pull/3586

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: util-linux
Source-Version: 2.41.3-1
Done: Chris Hofstaedtler <[email protected]>

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <[email protected]> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:37:41 +0100
Source: util-linux
Architecture: source
Version: 2.41.3-1
Distribution: unstable
Urgency: medium
Maintainer: Chris Hofstaedtler <[email protected]>
Changed-By: Chris Hofstaedtler <[email protected]>
Closes: 1122058
Changes:
 util-linux (2.41.3-1) unstable; urgency=medium
 .
   * Stop installing lastlog2-import.service
   * New upstream release, fixing CVE-2025-14104. (Closes: #1122058)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
