USN-5279-1: util-linux vulnerabilities

9 February 2022

util-linux could be made to unmount FUSE filesystems belonging to other users.

Releases

Ubuntu 21.10
Ubuntu 20.04 LTS

Packages

util-linux - miscellaneous system utilities

Details

It was discovered that util-linux incorrectly handled unmounting FUSE
filesystems. A local attacker could possibly use this issue to unmount
FUSE filesystems belonging to other users.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10

mount - 2.36.1-8ubuntu2.2
util-linux - 2.36.1-8ubuntu2.2

Ubuntu 20.04

mount - 2.34-0.1ubuntu9.3
util-linux - 2.34-0.1ubuntu9.3

In general, a standard system update will make all the necessary changes.

References

CVE-2021-3995
CVE-2021-3996

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›