This bug was fixed in the package util-linux - 2.41.3-3ubuntu1
---------------
util-linux (2.41.3-3ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2142050). Remaining changes:
    - Add sulogin-fallback-static-sh.patch
      Add support for /bin/static-sh as fallback if the regular shell fails to
      execute. Patch ported from sysvinit. (see LP #505887)
    - Add sulogin-lockedpwd.patch
      Make sure file systems can be fixed on machines with locked root
      accounts (as Ubuntu does by default). Don't require --force for sulogin.
    - d/rules: disable libmount mountfs support
      Disable brand new feature with --disable-libmount-mountfd-support that
      causes inability to deploy MAAS LP #2037417.
  * Dropped changes applied upstream:
    - SECURITY UPDATE: heap overread with 256-byte usernames
      + debian/patches/CVE-2025-14104-1.patch: add length check in
        login-utils/setpwnam.c.
      + debian/patches/CVE-2025-14104-2.patch: update buflen in
        login-utils/setpwnam.c.
      + CVE-2025-14104
  * Dropped changes as they were no longer necessary:
    - d/p/ubuntu/lp-2030793-make-check-pidfd.patch
      This patch only affected kernel versions below 5.15 which are not
      available on resolute.
    - d/p/u/lp-2112552-tests-mark-mkfds-multiplexing-as-known-fail.patch
      The underlying bug was addressed in rust-coreutils.

util-linux (2.41.3-3) unstable; urgency=medium

  * d/libsmartcols1.symbols: drop terminal crap
  * d/rules: make dpkg-gensymbols more strict
  * lintian: ignore groff-message tags
  * lintian: ignore groff-message tags in remaining packages
  * Add upstream patches
  * unshare: fix user namespace bind mounts
  * unshare: remove get_mnt_ino() check in bind_ns_files_from_child()
  * unshare: add --owner to set user namespace owner uid and gid
  * libfdisk: modernize ZFS GPT type description

util-linux (2.41.3-2) unstable; urgency=medium

  [ Luca Boccassi ]
  * util-linux: do not fail postinst/prerm if update-alternatives is missing

util-linux (2.41.3-1) unstable; urgency=medium

  * Stop installing lastlog2-import.service
  * New upstream release, fixing CVE-2025-14104. (Closes: #1122058)

 -- Ural Tunaboyu <[email protected]>  Sun, 15 Feb 2026 17:43:12 -0800

** Changed in: util-linux (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-14104
https://bugs.launchpad.net/bugs/2142050
Title:
Merge util-linux from Debian Unstable for resolute