Advisories » MGASA-2018-0237

Updated util-linux packages fix security vulnerability

Publication date: 16 May 2018
Modification date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-7738

Description

A command injection flaw was found in the way util-linux implements
umount autocompletion in Bash. An attacker with the ability to mount a
filesystem with custom mount points may execute arbitrary commands on
behalf of the user who triggers the umount autocompletion
(CVE-2018-7738).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22726
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N76EQ5XFDZ7L4B2EBFLEF5PK476OERQB/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738

SRPMS

6/core

• util-linux-2.28.2-2.1.mga6