Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/util-linux@2.12p-4sarge2
purl pkg:deb/debian/util-linux@2.12p-4sarge2
Next non-vulnerable version 2.42-6
Latest non-vulnerable version 2.42-6
Risk
Vulnerabilities affecting this package (19)
Vulnerability Summary Fixed by
VCID-1fkf-pg88-67gm
Aliases:
CVE-2011-1675
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
2.20.1-5.3
Affected by 13 other vulnerabilities.
VCID-1y4y-wz8e-b7ap
Aliases:
CVE-2020-21583
util-linux: arbitrary commands execution via the path parameter
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
VCID-3cgb-jerk-2yeh
Aliases:
CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
2.13.1.1-1
Affected by 16 other vulnerabilities.
VCID-3qrr-p9p3-9qh9
Aliases:
CVE-2016-5011
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
VCID-6mg5-v1v5-7fcm
Aliases:
CVE-2015-5224
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
VCID-8sfz-3j1k-9qdc
Aliases:
CVE-2011-1677
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
2.20.1-5.3
Affected by 13 other vulnerabilities.
VCID-a48f-8j4j-c3c3
Aliases:
CVE-2014-9114
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
2.25.2-6
Affected by 11 other vulnerabilities.
VCID-atkm-qtr6-skbz
Aliases:
CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
2.36.1-8+deb11u2
Affected by 2 other vulnerabilities.
VCID-bfgu-fqvj-qua8
Aliases:
CVE-2024-28085
util-linux: CVE-2024-28085: wall: escape sequence injection
2.36.1-8+deb11u2
Affected by 2 other vulnerabilities.
VCID-dpqu-apb4-vbbb
Aliases:
CVE-2006-7108
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
2.17.2-9
Affected by 15 other vulnerabilities.
VCID-ev6y-u4sw-7ba7
Aliases:
CVE-2015-5218
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
VCID-g6x1-5jmt-nufu
Aliases:
CVE-2008-1926
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."
2.13.1.1-1
Affected by 16 other vulnerabilities.
VCID-jykg-cpvb-cbec
Aliases:
CVE-2016-2779
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
2.33.1-0.1
Affected by 4 other vulnerabilities.
VCID-nwyr-pbu6-77hv
Aliases:
CVE-2021-3996
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
2.36.1-8+deb11u2
Affected by 2 other vulnerabilities.
VCID-rn5d-2usk-8fdz
Aliases:
CVE-2021-37600
arbitrary code execution
2.36.1-8+deb11u2
Affected by 2 other vulnerabilities.
VCID-sahz-er9j-7fgd
Aliases:
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
2.33.1-0.1
Affected by 4 other vulnerabilities.
VCID-weba-b8x9-vyh5
Aliases:
CVE-2005-2876
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
2.12r-19
Affected by 18 other vulnerabilities.
VCID-wfz4-43wd-2fgc
Aliases:
CVE-2013-0157
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
2.25.2-6
Affected by 11 other vulnerabilities.
VCID-yb5x-m5sw-6fga
Aliases:
(+
CVE-2017-2616
fix)
regression
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
2.29.2-1+deb9u1
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T08:08:44.885884+00:00 Debian Oval Importer Affected by VCID-rn5d-2usk-8fdz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T07:08:00.672192+00:00 Debian Oval Importer Affected by VCID-nwyr-pbu6-77hv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T06:19:42.604684+00:00 Debian Oval Importer Affected by VCID-atkm-qtr6-skbz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T04:19:56.474077+00:00 Debian Oval Importer Affected by VCID-bfgu-fqvj-qua8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:30:54.609401+00:00 Debian Oval Importer Affected by VCID-jykg-cpvb-cbec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:25:51.805077+00:00 Debian Oval Importer Affected by VCID-1y4y-wz8e-b7ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:20:21.038320+00:00 Debian Oval Importer Affected by VCID-6mg5-v1v5-7fcm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:16:25.110984+00:00 Debian Oval Importer Affected by VCID-yb5x-m5sw-6fga https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:07:01.818562+00:00 Debian Oval Importer Affected by VCID-weba-b8x9-vyh5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:56:23.484954+00:00 Debian Oval Importer Affected by VCID-3qrr-p9p3-9qh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:48:49.809678+00:00 Debian Oval Importer Affected by VCID-dpqu-apb4-vbbb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:44:18.994402+00:00 Debian Oval Importer Affected by VCID-a48f-8j4j-c3c3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:20:55.973929+00:00 Debian Oval Importer Affected by VCID-sahz-er9j-7fgd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:57:52.763674+00:00 Debian Oval Importer Affected by VCID-wfz4-43wd-2fgc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:21:51.339210+00:00 Debian Oval Importer Affected by VCID-ev6y-u4sw-7ba7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T00:43:27.715948+00:00 Debian Oval Importer Affected by VCID-8sfz-3j1k-9qdc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T00:13:41.271789+00:00 Debian Oval Importer Affected by VCID-g6x1-5jmt-nufu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-05T23:50:54.776756+00:00 Debian Oval Importer Affected by VCID-3cgb-jerk-2yeh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-05T23:45:45.764293+00:00 Debian Oval Importer Affected by VCID-1fkf-pg88-67gm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-05T22:37:56.374913+00:00 Debian Oval Importer Affected by VCID-sahz-er9j-7fgd https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0