rpm package
suse/util-linux&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3184 | Low | 3.7 | < 2.36.2-150300.4.53.1 | 2.36.2-150300.4.53.1 | Apr 3, 2026 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, pot | |
| CVE-2025-14104 | Med | 6.1 | < 2.36.2-150300.4.50.1 | 2.36.2-150300.4.50.1 | Dec 5, 2025 | A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | |
| CVE-2024-28085 | Low | 3.3 | < 2.36.2-150300.4.41.1 | 2.36.2-150300.4.41.1 | Mar 27, 2024 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther | |
| CVE-2021-3996 | — | < 2.36.2-150300.4.14.3 | 2.36.2-150300.4.14.3 | Aug 23, 2022 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /t | ||
| CVE-2021-3995 | — | < 2.36.2-150300.4.14.3 | 2.36.2-150300.4.14.3 | Aug 23, 2022 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a pre |
- affected < 2.36.2-150300.4.53.1fixed 2.36.2-150300.4.53.1
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, pot
- affected < 2.36.2-150300.4.50.1fixed 2.36.2-150300.4.50.1
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
- affected < 2.36.2-150300.4.41.1fixed 2.36.2-150300.4.41.1
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther
- CVE-2021-3996Aug 23, 2022affected < 2.36.2-150300.4.14.3fixed 2.36.2-150300.4.14.3
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /t
- CVE-2021-3995Aug 23, 2022affected < 2.36.2-150300.4.14.3fixed 2.36.2-150300.4.14.3
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a pre