SUSE-SU-2025:20304-1: important: Security update for util-linux

SLE-UPDATES null at suse.de
Wed Jun 4 07:24:32 UTC 2025



# Security update for util-linux

Announcement ID: SUSE-SU-2025:20304-1  
Release Date: 2025-05-08T12:25:53Z  
Rating: important  
References:

  * bsc#1159034
  * bsc#1194818
  * bsc#1218609
  * bsc#1220117
  * bsc#1221831
  * bsc#1223605
  * bsc#1224285
  * bsc#1225197
  * bsc#1225598
  * bsc#1229476

  
Cross-References:

  * CVE-2024-28085

  
CVSS scores:

  * CVE-2024-28085 ( SUSE ):  8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  * CVE-2024-28085 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

  
Affected Products:

  * SUSE Linux Micro 6.1

  
  
An update that solves one vulnerability and has nine fixes can now be installed.

## Description:

This update for util-linux fixes the following issues:

  * Updated to version 2.40.4:
  * agetty: Prevent cursor escape (bsc#1194818)
  * chcpu(8): Document CPU deconfiguring behavior
  * fdisk: SGI fixes
  * hardlink: fix memory corruption
  * hardlink.1 directory|file is mandatory
  * lib/env: fix env_list_setenv() for strings without '='
  * libblkid: (exfat) validate fields used by prober; (gpt) use
    blkid_probe_verify_csum() for partition array checksum; add FSLASTBLOCK for
    swaparea; bitlocker fix version on big-endian systems
  * libfdisk: make sure libblkid uses the same sector size
  * libmount: extract common error handling function; propagate first error of
    multiple filesystem types
  * logger: correctly format tv_usec
  * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476)
  * lsns: ignore ESRCH errors reported when accessing files under /proc
  * mkswap: set selinux label also when creating file
  * more: make sure we have data on stderr
  * nsenter: support empty environ
  * umount, losetup: Document loop destroy behavior (bsc#1159034).
  * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf
  * Refresh util-linux.keyring. Key validity was extended.

  * Update to version 2.40.2:

  * cfdisk: fix possible integer overflow
  * libmount: improving robustness in reading kernel messages, add pidfs to
    pseudo fs list
  * lscpu: New Arm Cortex part numbers; fix hang of lscpu -e (bsc#1225598)
  * lsfd: Refactor the pidfd logic, support pidfs
  * mkswap.8.adoc: update note regarding swapfile creation
  * setpgid: make -f work

  * Enable kernel mountfd API, as it should be already stable (PED-9752).

  * Move autoreconf back to %build.
  * Add devel dependencies.
  * Remove util-linux-rpmlintrc. It is no longer needed with multibuild.
  * uncomment "autoreconf --install" to use the new version of automake
  * disable libmagic in more(1) for binary detection (bsc#1225197)
  * add support for pidfs in kernel 6.9 (bsc#1224285)

  * Update to version 2.40.1:

  * more: clean processes not cleaned up after failed SSH session using up 100%
    CPU (bsc#1220117)
  * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall
    (bsc#1221831)
  * chcpu: document limitations of -g (bsc#1218609)
  * lscpu: even more Arm part numbers (bsc#1223605)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1  
    zypper in -t patch SUSE-SLE-Micro-6.1-95=1

## Package List:

  * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * libmount1-debuginfo-2.40.4-slfo.1.1_1.1
    * libuuid1-2.40.4-slfo.1.1_1.1
    * libblkid1-debuginfo-2.40.4-slfo.1.1_1.1
    * libmount1-2.40.4-slfo.1.1_1.1
    * util-linux-systemd-debugsource-2.40.4-slfo.1.1_1.1
    * lastlog2-2.40.4-slfo.1.1_1.1
    * libsmartcols1-2.40.4-slfo.1.1_1.1
    * lastlog2-debuginfo-2.40.4-slfo.1.1_1.1
    * liblastlog2-2-debuginfo-2.40.4-slfo.1.1_1.1
    * util-linux-debuginfo-2.40.4-slfo.1.1_1.1
    * libuuid1-debuginfo-2.40.4-slfo.1.1_1.1
    * util-linux-2.40.4-slfo.1.1_1.1
    * util-linux-systemd-2.40.4-slfo.1.1_1.1
    * util-linux-systemd-debuginfo-2.40.4-slfo.1.1_1.1
    * libfdisk1-2.40.4-slfo.1.1_1.1
    * libsmartcols1-debuginfo-2.40.4-slfo.1.1_1.1
    * util-linux-debugsource-2.40.4-slfo.1.1_1.1
    * liblastlog2-2-2.40.4-slfo.1.1_1.1
    * libblkid1-2.40.4-slfo.1.1_1.1
    * libfdisk1-debuginfo-2.40.4-slfo.1.1_1.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-28085.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1159034
  * https://bugzilla.suse.com/show_bug.cgi?id=1194818
  * https://bugzilla.suse.com/show_bug.cgi?id=1218609
  * https://bugzilla.suse.com/show_bug.cgi?id=1220117
  * https://bugzilla.suse.com/show_bug.cgi?id=1221831
  * https://bugzilla.suse.com/show_bug.cgi?id=1223605
  * https://bugzilla.suse.com/show_bug.cgi?id=1224285
  * https://bugzilla.suse.com/show_bug.cgi?id=1225197
  * https://bugzilla.suse.com/show_bug.cgi?id=1225598
  * https://bugzilla.suse.com/show_bug.cgi?id=1229476
