Search for packages
Package details: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1
purl pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1
Next non-vulnerable version 2.36.1-8+deb11u2
Latest non-vulnerable version 2.36.1-8+deb11u2
Risk 3.9
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-48cm-kxb5-aaag
Aliases:
CVE-2016-2779
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
2.33.1-0.1
Affected by 4 other vulnerabilities.
VCID-76cx-g8f5-aaad
Aliases:
CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
2.36.1-8+deb11u2
Affected by 0 other vulnerabilities.
VCID-9hwf-nqgn-aaaa
Aliases:
CVE-2021-37600
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
2.36.1-8+deb11u1
Affected by 0 other vulnerabilities.
2.36.1-8+deb11u2
Affected by 0 other vulnerabilities.
VCID-a8gu-kbtv-aaak
Aliases:
CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
2.36.1-8+deb11u2
Affected by 0 other vulnerabilities.
VCID-f1h6-9jeh-aaae
Aliases:
CVE-2021-3996
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
2.36.1-8+deb11u2
Affected by 0 other vulnerabilities.
VCID-xgvn-7emk-aaaj
Aliases:
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
2.33.1-0.1
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-gbv5-x3jb-aaab Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. CVE-2015-5218
VCID-ma24-ndtz-aaas An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. CVE-2020-21583
VCID-n9v7-sg5s-aaac A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (+
CVE-2017-2616
fix)
regression
VCID-whk3-h4jk-aaag The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. CVE-2015-5224
VCID-xgvn-7emk-aaaj In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. CVE-2018-7738
VCID-xkfe-mpjz-aaap The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. CVE-2016-5011

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:11:17.552590+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:01:38.438181+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:11:08.319088+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:17:23.889879+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:32:39.576015+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:05:03.889795+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:39:12.693072+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:25:34.198996+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:52:46.741655+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T08:54:50.948984+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas None 36.1.3
2025-06-21T02:52:27.340555+00:00 Debian Oval Importer Affected by VCID-f1h6-9jeh-aaae None 36.1.3
2025-06-21T02:39:57.589573+00:00 Debian Oval Importer Affected by VCID-a8gu-kbtv-aaak None 36.1.3
2025-06-21T01:38:40.390473+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa None 36.1.3
2025-06-21T00:58:33.942621+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag None 36.1.3
2025-06-21T00:27:05.444228+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag None 36.1.3
2025-06-20T23:26:30.429652+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj None 36.1.3
2025-06-20T23:01:47.593476+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap None 36.1.3
2025-06-20T22:09:06.877570+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac None 36.1.3
2025-06-20T21:03:18.528400+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab None 36.1.3
2025-06-20T19:56:12.752646+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj None 36.1.3
2025-06-08T13:19:03.881226+00:00 Debian Oval Importer Affected by VCID-f1h6-9jeh-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:59:45.586757+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:35:32.271770+00:00 Debian Oval Importer Affected by VCID-a8gu-kbtv-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:40:11.043423+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:33:20.501050+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:52:54.385579+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:11:13.897504+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:25:42.859178+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:58:55.543840+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:33:29.915464+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:26:42.755627+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:27:31.304745+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T02:41:18.354122+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas None 36.1.0
2025-06-07T20:19:49.595487+00:00 Debian Oval Importer Affected by VCID-f1h6-9jeh-aaae None 36.1.0
2025-06-07T20:04:54.320940+00:00 Debian Oval Importer Affected by VCID-a8gu-kbtv-aaak None 36.1.0
2025-06-07T19:01:45.773667+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa None 36.1.0
2025-06-07T18:20:58.396195+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag None 36.1.0
2025-06-07T17:49:49.105909+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag None 36.1.0
2025-06-07T16:49:25.222097+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj None 36.1.0
2025-06-07T16:24:56.922806+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap None 36.1.0
2025-06-07T15:33:05.141198+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac None 36.1.0
2025-06-07T14:29:51.352794+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab None 36.1.0
2025-06-07T13:46:29.361926+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj None 36.1.0
2025-04-12T23:13:34.973019+00:00 Debian Oval Importer Affected by VCID-76cx-g8f5-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T23:11:36.777766+00:00 Debian Oval Importer Affected by VCID-76cx-g8f5-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T23:03:29.477754+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T21:47:30.003594+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:40:35.019297+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:32:35.828353+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:27:05.792294+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:03.728178+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:09:20.267508+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:07:08.563471+00:00 Debian Oval Importer Affected by VCID-f1h6-9jeh-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:47:06.733668+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:22:04.231253+00:00 Debian Oval Importer Affected by VCID-a8gu-kbtv-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:24:52.670560+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:14:41.784520+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:25:06.823009+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:43:12.895071+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:58:21.572519+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:31:31.273994+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:05:44.920076+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:57:55.559938+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:57:36.563680+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T01:08:37.068506+00:00 Debian Oval Importer Fixing VCID-ma24-ndtz-aaas None 36.0.0
2025-04-07T18:55:09.923151+00:00 Debian Oval Importer Affected by VCID-f1h6-9jeh-aaae None 36.0.0
2025-04-07T18:42:11.675442+00:00 Debian Oval Importer Affected by VCID-a8gu-kbtv-aaak None 36.0.0
2025-04-07T17:39:37.378472+00:00 Debian Oval Importer Affected by VCID-9hwf-nqgn-aaaa None 36.0.0
2025-04-07T16:58:34.217986+00:00 Debian Oval Importer Affected by VCID-48cm-kxb5-aaag None 36.0.0
2025-04-07T16:26:23.765120+00:00 Debian Oval Importer Fixing VCID-whk3-h4jk-aaag None 36.0.0
2025-04-07T15:22:08.549681+00:00 Debian Oval Importer Affected by VCID-xgvn-7emk-aaaj None 36.0.0
2025-04-07T14:56:50.289910+00:00 Debian Oval Importer Fixing VCID-xkfe-mpjz-aaap None 36.0.0
2025-04-07T14:04:04.908819+00:00 Debian Oval Importer Fixing VCID-n9v7-sg5s-aaac None 36.0.0
2025-04-07T13:02:04.596210+00:00 Debian Oval Importer Fixing VCID-gbv5-x3jb-aaab None 36.0.0
2025-04-07T12:21:38.758754+00:00 Debian Oval Importer Fixing VCID-xgvn-7emk-aaaj None 36.0.0
2025-04-06T20:08:00.722315+00:00 Debian Importer Affected by VCID-48cm-kxb5-aaag None 36.0.0
2025-04-06T16:49:58.048267+00:00 Debian Importer Affected by VCID-9hwf-nqgn-aaaa None 36.0.0
2025-02-20T03:07:00.362229+00:00 Debian Importer Affected by VCID-9hwf-nqgn-aaaa None 35.1.0
2025-02-18T16:52:09.716842+00:00 Debian Importer Affected by VCID-48cm-kxb5-aaag None 35.1.0
2024-04-25T02:14:13.339283+00:00 Debian Importer Affected by VCID-9hwf-nqgn-aaaa None 34.0.0rc4
2024-04-24T10:06:07.384373+00:00 Debian Importer Affected by VCID-48cm-kxb5-aaag None 34.0.0rc4
2024-01-11T03:24:39.733395+00:00 Debian Importer Affected by VCID-9hwf-nqgn-aaaa None 34.0.0rc2
2024-01-10T11:54:00.679458+00:00 Debian Importer Affected by VCID-48cm-kxb5-aaag None 34.0.0rc2
2024-01-04T15:23:15.149378+00:00 Debian Importer Affected by VCID-9hwf-nqgn-aaaa None 34.0.0rc1
2024-01-04T03:49:39.932226+00:00 Debian Importer Affected by VCID-48cm-kxb5-aaag None 34.0.0rc1