Amazon Linux 2022 Security Advisory: ALAS-2022-086
Advisory Release Date: 2022-06-01 17:54 Pacific
Advisory Updated Date: 2022-06-10 00:15 Pacific
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)
Affected Packages:
util-linux
Issue Correction:
Run yum update util-linux to update your system.
aarch64:
libblkid-debuginfo-2.37.4-1.amzn2022.aarch64
libblkid-devel-2.37.4-1.amzn2022.aarch64
libsmartcols-2.37.4-1.amzn2022.aarch64
libuuid-devel-2.37.4-1.amzn2022.aarch64
uuidd-debuginfo-2.37.4-1.amzn2022.aarch64
util-linux-user-2.37.4-1.amzn2022.aarch64
util-linux-core-debuginfo-2.37.4-1.amzn2022.aarch64
libmount-devel-2.37.4-1.amzn2022.aarch64
libsmartcols-devel-2.37.4-1.amzn2022.aarch64
uuidd-2.37.4-1.amzn2022.aarch64
python3-libmount-debuginfo-2.37.4-1.amzn2022.aarch64
libmount-debuginfo-2.37.4-1.amzn2022.aarch64
libfdisk-2.37.4-1.amzn2022.aarch64
libmount-2.37.4-1.amzn2022.aarch64
util-linux-user-debuginfo-2.37.4-1.amzn2022.aarch64
libfdisk-devel-2.37.4-1.amzn2022.aarch64
util-linux-core-2.37.4-1.amzn2022.aarch64
util-linux-debuginfo-2.37.4-1.amzn2022.aarch64
python3-libmount-2.37.4-1.amzn2022.aarch64
libsmartcols-debuginfo-2.37.4-1.amzn2022.aarch64
util-linux-debugsource-2.37.4-1.amzn2022.aarch64
libuuid-2.37.4-1.amzn2022.aarch64
util-linux-2.37.4-1.amzn2022.aarch64
libuuid-debuginfo-2.37.4-1.amzn2022.aarch64
libblkid-2.37.4-1.amzn2022.aarch64
libfdisk-debuginfo-2.37.4-1.amzn2022.aarch64
i686:
util-linux-debugsource-2.37.4-1.amzn2022.i686
util-linux-core-debuginfo-2.37.4-1.amzn2022.i686
util-linux-debuginfo-2.37.4-1.amzn2022.i686
util-linux-2.37.4-1.amzn2022.i686
util-linux-core-2.37.4-1.amzn2022.i686
libfdisk-debuginfo-2.37.4-1.amzn2022.i686
libblkid-debuginfo-2.37.4-1.amzn2022.i686
libmount-debuginfo-2.37.4-1.amzn2022.i686
libsmartcols-debuginfo-2.37.4-1.amzn2022.i686
libfdisk-2.37.4-1.amzn2022.i686
libmount-2.37.4-1.amzn2022.i686
libblkid-2.37.4-1.amzn2022.i686
python3-libmount-debuginfo-2.37.4-1.amzn2022.i686
libsmartcols-2.37.4-1.amzn2022.i686
python3-libmount-2.37.4-1.amzn2022.i686
util-linux-user-debuginfo-2.37.4-1.amzn2022.i686
libuuid-debuginfo-2.37.4-1.amzn2022.i686
uuidd-debuginfo-2.37.4-1.amzn2022.i686
util-linux-user-2.37.4-1.amzn2022.i686
uuidd-2.37.4-1.amzn2022.i686
libmount-devel-2.37.4-1.amzn2022.i686
libuuid-2.37.4-1.amzn2022.i686
libfdisk-devel-2.37.4-1.amzn2022.i686
libblkid-devel-2.37.4-1.amzn2022.i686
libsmartcols-devel-2.37.4-1.amzn2022.i686
libuuid-devel-2.37.4-1.amzn2022.i686
src:
util-linux-2.37.4-1.amzn2022.src
x86_64:
libmount-debuginfo-2.37.4-1.amzn2022.x86_64
python3-libmount-debuginfo-2.37.4-1.amzn2022.x86_64
uuidd-debuginfo-2.37.4-1.amzn2022.x86_64
libsmartcols-debuginfo-2.37.4-1.amzn2022.x86_64
libsmartcols-2.37.4-1.amzn2022.x86_64
util-linux-debugsource-2.37.4-1.amzn2022.x86_64
libsmartcols-devel-2.37.4-1.amzn2022.x86_64
util-linux-core-debuginfo-2.37.4-1.amzn2022.x86_64
libblkid-2.37.4-1.amzn2022.x86_64
libfdisk-devel-2.37.4-1.amzn2022.x86_64
uuidd-2.37.4-1.amzn2022.x86_64
util-linux-debuginfo-2.37.4-1.amzn2022.x86_64
libuuid-debuginfo-2.37.4-1.amzn2022.x86_64
libblkid-devel-2.37.4-1.amzn2022.x86_64
util-linux-user-2.37.4-1.amzn2022.x86_64
libuuid-2.37.4-1.amzn2022.x86_64
libuuid-devel-2.37.4-1.amzn2022.x86_64
util-linux-core-2.37.4-1.amzn2022.x86_64
libmount-devel-2.37.4-1.amzn2022.x86_64
libblkid-debuginfo-2.37.4-1.amzn2022.x86_64
util-linux-2.37.4-1.amzn2022.x86_64
libmount-2.37.4-1.amzn2022.x86_64
libfdisk-debuginfo-2.37.4-1.amzn2022.x86_64
util-linux-user-debuginfo-2.37.4-1.amzn2022.x86_64
python3-libmount-2.37.4-1.amzn2022.x86_64
libfdisk-2.37.4-1.amzn2022.x86_64