USN-4512-1: util-linux vulnerability

17 September 2020

util-linux could be made to run programs when performing bash completion.

Releases

Packages

  • util-linux - miscellaneous system utilities

Details

It was discovered that the umount bash completion script shipped in
util-linux incorrectly handled certain mountpoints. If a local attacker
were able to create arbitrary mountpoints, another user could be tricked
into executing arbitrary code when attempting to run the umount command
with bash completion.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

References