Security update for libeconf, shadow and util-linux

Announcement ID:	SUSE-SU-2022:0727-1
Rating:	moderate
References:	bsc#1188507 bsc#1192954 bsc#1193632 bsc#1194976 jsc#SLE-23384 jsc#SLE-23402
Cross-References:	CVE-2021-3995 CVE-2021-3996
CVSS scores:	CVE-2021-3995 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3995 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3996 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3996 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP3 openSUSE Leap 15.3 Server Applications Module 15-SP3 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 Transactional Server Module 15-SP3

An update that solves two vulnerabilities, contains two features and has two security fixes can now be installed.

Description:

This security update for libeconf, shadow and util-linux fix the following issues:

libeconf:

• Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set.

shadow:

• The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

util-linux:

• The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
• Allow use of larger values for start sector to prevent blockdev --report aborting (bsc#1188507)
• Fixed blockdev --report using non-space characters as a field separator (bsc#1188507)
• CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
• CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-727=1
• Basesystem Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-727=1
• Server Applications Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-727=1
• Transactional Server Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-727=1
• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-727=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • libmount-devel-2.36.2-150300.4.14.3
  • libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-debuginfo-2.36.2-150300.4.14.3
  • libsmartcols-devel-2.36.2-150300.4.14.3
  • libuuid-devel-static-2.36.2-150300.4.14.3
  • util-linux-debugsource-2.36.2-150300.4.14.3
  • util-linux-debuginfo-2.36.2-150300.4.14.3
  • libsmartcols-devel-static-2.36.2-150300.4.14.3
  • libmount-devel-static-2.36.2-150300.4.14.3
  • python3-libmount-debuginfo-2.36.2-150300.4.14.2
  • libuuid1-2.36.2-150300.4.14.3
  • libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2
  • python3-libmount-2.36.2-150300.4.14.2
  • libmount1-2.36.2-150300.4.14.3
  • libfdisk-devel-static-2.36.2-150300.4.14.3
  • libfdisk1-debuginfo-2.36.2-150300.4.14.3
  • libeconf-devel-0.4.4+git20220104.962774f-150300.3.6.2
  • util-linux-2.36.2-150300.4.14.3
  • util-linux-systemd-debugsource-2.36.2-150300.4.14.2
  • libeconf-utils-0.4.4+git20220104.962774f-150300.3.6.2
  • util-linux-systemd-2.36.2-150300.4.14.2
  • libfdisk-devel-2.36.2-150300.4.14.3
  • shadow-debuginfo-4.8.1-150300.4.3.8
  • libfdisk1-2.36.2-150300.4.14.3
  • libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
  • libuuid1-debuginfo-2.36.2-150300.4.14.3
  • libblkid1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-systemd-debuginfo-2.36.2-150300.4.14.2
  • libblkid1-2.36.2-150300.4.14.3
  • python3-libmount-debugsource-2.36.2-150300.4.14.2
  • libblkid-devel-static-2.36.2-150300.4.14.3
  • uuidd-debuginfo-2.36.2-150300.4.14.2
  • libuuid-devel-2.36.2-150300.4.14.3
  • shadow-4.8.1-150300.4.3.8
  • libsmartcols1-2.36.2-150300.4.14.3
  • libeconf-utils-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • shadow-debugsource-4.8.1-150300.4.3.8
  • libsmartcols1-debuginfo-2.36.2-150300.4.14.3
  • uuidd-2.36.2-150300.4.14.2
  • libblkid-devel-2.36.2-150300.4.14.3
• openSUSE Leap 15.3 (x86_64)
  • libblkid-devel-32bit-2.36.2-150300.4.14.3
  • libfdisk-devel-32bit-2.36.2-150300.4.14.3
  • libuuid1-32bit-2.36.2-150300.4.14.3
  • libsmartcols1-32bit-2.36.2-150300.4.14.3
  • libuuid-devel-32bit-2.36.2-150300.4.14.3
  • libblkid1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libfdisk1-32bit-2.36.2-150300.4.14.3
  • libfdisk1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libeconf0-32bit-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libsmartcols1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libblkid1-32bit-2.36.2-150300.4.14.3
  • libuuid1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libmount1-32bit-2.36.2-150300.4.14.3
  • libeconf0-32bit-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount-devel-32bit-2.36.2-150300.4.14.3
  • libsmartcols-devel-32bit-2.36.2-150300.4.14.3
• openSUSE Leap 15.3 (noarch)
  • util-linux-lang-2.36.2-150300.4.14.3
  • login_defs-4.8.1-150300.4.3.8
• openSUSE Leap 15.3 (aarch64_ilp32)
  • libblkid-devel-64bit-2.36.2-150300.4.14.3
  • libmount1-64bit-2.36.2-150300.4.14.3
  • libuuid1-64bit-2.36.2-150300.4.14.3
  • libfdisk1-64bit-2.36.2-150300.4.14.3
  • libuuid1-64bit-debuginfo-2.36.2-150300.4.14.3
  • libmount1-64bit-debuginfo-2.36.2-150300.4.14.3
  • libsmartcols-devel-64bit-2.36.2-150300.4.14.3
  • libsmartcols1-64bit-2.36.2-150300.4.14.3
  • libuuid-devel-64bit-2.36.2-150300.4.14.3
  • libblkid1-64bit-debuginfo-2.36.2-150300.4.14.3
  • libfdisk-devel-64bit-2.36.2-150300.4.14.3
  • libfdisk1-64bit-debuginfo-2.36.2-150300.4.14.3
  • libeconf0-64bit-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libeconf0-64bit-0.4.4+git20220104.962774f-150300.3.6.2
  • libblkid1-64bit-2.36.2-150300.4.14.3
  • libsmartcols1-64bit-debuginfo-2.36.2-150300.4.14.3
  • libmount-devel-64bit-2.36.2-150300.4.14.3
• Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • libmount-devel-2.36.2-150300.4.14.3
  • libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-debuginfo-2.36.2-150300.4.14.3
  • libsmartcols-devel-2.36.2-150300.4.14.3
  • libuuid-devel-static-2.36.2-150300.4.14.3
  • util-linux-debugsource-2.36.2-150300.4.14.3
  • util-linux-debuginfo-2.36.2-150300.4.14.3
  • libuuid1-2.36.2-150300.4.14.3
  • libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-2.36.2-150300.4.14.3
  • libfdisk1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-2.36.2-150300.4.14.3
  • util-linux-systemd-debugsource-2.36.2-150300.4.14.2
  • libfdisk-devel-2.36.2-150300.4.14.3
  • util-linux-systemd-2.36.2-150300.4.14.2
  • shadow-debuginfo-4.8.1-150300.4.3.8
  • libfdisk1-2.36.2-150300.4.14.3
  • libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
  • libuuid1-debuginfo-2.36.2-150300.4.14.3
  • libblkid1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-systemd-debuginfo-2.36.2-150300.4.14.2
  • libblkid1-2.36.2-150300.4.14.3
  • libblkid-devel-static-2.36.2-150300.4.14.3
  • libuuid-devel-2.36.2-150300.4.14.3
  • shadow-4.8.1-150300.4.3.8
  • libsmartcols1-2.36.2-150300.4.14.3
  • shadow-debugsource-4.8.1-150300.4.3.8
  • libsmartcols1-debuginfo-2.36.2-150300.4.14.3
  • libblkid-devel-2.36.2-150300.4.14.3
• Basesystem Module 15-SP3 (noarch)
  • util-linux-lang-2.36.2-150300.4.14.3
  • login_defs-4.8.1-150300.4.3.8
• Basesystem Module 15-SP3 (x86_64)
  • libuuid1-32bit-2.36.2-150300.4.14.3
  • libblkid1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libmount1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libblkid1-32bit-2.36.2-150300.4.14.3
  • libuuid1-32bit-debuginfo-2.36.2-150300.4.14.3
  • libmount1-32bit-2.36.2-150300.4.14.3
• Server Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • util-linux-systemd-debuginfo-2.36.2-150300.4.14.2
  • uuidd-2.36.2-150300.4.14.2
  • util-linux-systemd-debugsource-2.36.2-150300.4.14.2
  • uuidd-debuginfo-2.36.2-150300.4.14.2
• Transactional Server Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
  • libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2
• SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  • libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-debugsource-2.36.2-150300.4.14.3
  • util-linux-debuginfo-2.36.2-150300.4.14.3
  • libuuid1-2.36.2-150300.4.14.3
  • libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2
  • libmount1-2.36.2-150300.4.14.3
  • libfdisk1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-2.36.2-150300.4.14.3
  • util-linux-systemd-debugsource-2.36.2-150300.4.14.2
  • util-linux-systemd-2.36.2-150300.4.14.2
  • shadow-debuginfo-4.8.1-150300.4.3.8
  • libfdisk1-2.36.2-150300.4.14.3
  • libeconf0-0.4.4+git20220104.962774f-150300.3.6.2
  • libuuid1-debuginfo-2.36.2-150300.4.14.3
  • libblkid1-debuginfo-2.36.2-150300.4.14.3
  • util-linux-systemd-debuginfo-2.36.2-150300.4.14.2
  • libblkid1-2.36.2-150300.4.14.3
  • shadow-4.8.1-150300.4.3.8
  • libsmartcols1-2.36.2-150300.4.14.3
  • shadow-debugsource-4.8.1-150300.4.3.8
  • libsmartcols1-debuginfo-2.36.2-150300.4.14.3
• SUSE Linux Enterprise Micro 5.1 (noarch)
  • login_defs-4.8.1-150300.4.3.8

References:

• https://www.suse.com/security/cve/CVE-2021-3995.html
• https://www.suse.com/security/cve/CVE-2021-3996.html
• https://bugzilla.suse.com/show_bug.cgi?id=1188507
• https://bugzilla.suse.com/show_bug.cgi?id=1192954
• https://bugzilla.suse.com/show_bug.cgi?id=1193632
• https://bugzilla.suse.com/show_bug.cgi?id=1194976
• https://jira.suse.com/browse/SLE-23384
• https://jira.suse.com/browse/SLE-23402