rpm package
opensuse/util-linux-systemd&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/util-linux-systemd&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3184 | Low | 3.7 | < 2.39.3-150600.4.18.1 | 2.39.3-150600.4.18.1 | Apr 3, 2026 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, pot | |
| CVE-2025-14104 | Med | 6.1 | < 2.39.3-150600.4.15.1 | 2.39.3-150600.4.15.1 | Dec 5, 2025 | A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | |
| CVE-2024-28085 | Low | 3.3 | < 2.39.3-150600.4.3.1 | 2.39.3-150600.4.3.1 | Mar 27, 2024 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther |
- affected < 2.39.3-150600.4.18.1fixed 2.39.3-150600.4.18.1
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, pot
- affected < 2.39.3-150600.4.15.1fixed 2.39.3-150600.4.15.1
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
- affected < 2.39.3-150600.4.3.1fixed 2.39.3-150600.4.3.1
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther