Security update for util-linux

Announcement ID:	SUSE-SU-2025:20304-1
Release Date:	2025-05-08T12:25:53Z
Rating:	important
References:	bsc#1159034 bsc#1194818 bsc#1218609 bsc#1220117 bsc#1221831 bsc#1223605 bsc#1224285 bsc#1225197 bsc#1225598 bsc#1229476
Cross-References:	CVE-2024-28085
CVSS scores:	CVE-2024-28085 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVE-2024-28085 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products:	SUSE Linux Micro 6.1

An update that solves one vulnerability and has nine fixes can now be installed.

Description:

This update for util-linux fixes the following issues:

Updated to version 2.40.4:
agetty: Prevent cursor escape (bsc#1194818)
chcpu(8): Document CPU deconfiguring behavior
fdisk: SGI fixes
hardlink: fix memory corruption
hardlink.1 directory|file is mandatory
lib/env: fix env_list_setenv() for strings without '='
libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems
libfdisk: make sure libblkid uses the same sector size
libmount: extract common error handling function propagate first error of multiple filesystem types
logger: correctly format tv_usec
lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476)
lsns: ignore ESRCH errors reported when accessing files under /proc
mkswap: set selinux label also when creating file
more: make sure we have data on stderr
nsenter: support empty environ
umount, losetup: Document loop destroy behavior (bsc#1159034).
uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf
Refresh util-linux.keyring. Key validity was extended.
Update to version 2.40.2:
cfdisk: fix possible integer overflow
libmount: improving robustness in reading kernel messages, add pidfs to pseudo fs list
lscpu: New Arm Cortex part numbers fix hang of lscpu -e (bsc#1225598)
lsfd: Refactor the pidfd logic, support pidfs
mkswap.8.adoc: update note regarding swapfile creation
setpgid: make -f work
Enable kernel mountfd API, as it should be already stable (PED-9752).
Move autoreconf back to %build.
Add devel dependencies.
Remove util-linux-rpmlintrc. It is no more needed with multibuild.
uncomment "autoreconf --install" to use the new version of automake
disable libmagic in more(1) for binary detection (bsc#1225197)
add support for pidfs in kernel 6.9 (bsc#1224285)
Update to version 2.40.1:
more: clean processes not cleaned up after failed SSH session using up 100% CPU (bsc#1220117)
CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831)
chcpu: document limitations of -g (bsc#1218609)
lscpu: even more Arm part numbers (bsc#1223605)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Micro 6.1
zypper in -t patch SUSE-SLE-Micro-6.1-95=1

Package List:

SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
- libmount1-debuginfo-2.40.4-slfo.1.1_1.1
- libuuid1-2.40.4-slfo.1.1_1.1
- libblkid1-debuginfo-2.40.4-slfo.1.1_1.1
- libmount1-2.40.4-slfo.1.1_1.1
- util-linux-systemd-debugsource-2.40.4-slfo.1.1_1.1
- lastlog2-2.40.4-slfo.1.1_1.1
- libsmartcols1-2.40.4-slfo.1.1_1.1
- lastlog2-debuginfo-2.40.4-slfo.1.1_1.1
- liblastlog2-2-debuginfo-2.40.4-slfo.1.1_1.1
- util-linux-debuginfo-2.40.4-slfo.1.1_1.1
- libuuid1-debuginfo-2.40.4-slfo.1.1_1.1
- util-linux-2.40.4-slfo.1.1_1.1
- util-linux-systemd-2.40.4-slfo.1.1_1.1
- util-linux-systemd-debuginfo-2.40.4-slfo.1.1_1.1
- libfdisk1-2.40.4-slfo.1.1_1.1
- libsmartcols1-debuginfo-2.40.4-slfo.1.1_1.1
- util-linux-debugsource-2.40.4-slfo.1.1_1.1
- liblastlog2-2-2.40.4-slfo.1.1_1.1
- libblkid1-2.40.4-slfo.1.1_1.1
- libfdisk1-debuginfo-2.40.4-slfo.1.1_1.1

Security update for util-linux

Description:

Patch Instructions:

Package List:

References: