From d4178c526bb2b3ea17c1a4d8fe9a56f77e3cc033 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Mon, 24 Jan 2022 10:08:27 +0100 Subject: [PATCH] docs: add v2.37.3-ReleaseNotes Signed-off-by: Karel Zak --- Documentation/releases/v2.37.3-ReleaseNotes | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Documentation/releases/v2.37.3-ReleaseNotes diff --git a/Documentation/releases/v2.37.3-ReleaseNotes b/Documentation/releases/v2.37.3-ReleaseNotes new file mode 100644 index 0000000000..f0dde289ea --- /dev/null +++ b/Documentation/releases/v2.37.3-ReleaseNotes @@ -0,0 +1,13 @@ +util-linux 2.37.3 Release Notes +=============================== + +This release fixes two security mount(8) and umount(8) issues: + +CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + +CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. -- 2.47.2