[{"id":3679491,"web_url":"http://patchwork.ozlabs.org/comment/3679491/","msgid":"<9cd836be0bc0e28b30cc77a1ee4243a7@free.fr>","list_archive_url":null,"date":"2026-04-20T17:23:18","subject":"Re: [Buildroot] [PATCH] package/util-linux: security bump to 2.41.4","submitter":{"id":80537,"url":"http://patchwork.ozlabs.org/api/people/80537/","name":"Julien Olivain","email":"ju.o@free.fr"},"content":"On 20/04/2026 16:28, Marcus Hoffmann via buildroot wrote:\n> Security fixes:\n> \n>  CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.\n>    The SUID mount follows symlinks when resolving loop backing file\n>    paths. On systems where non-root users are permitted to mount loop\n>    devices (via 'user' option in fstab), this allows access to\n>    arbitrary files.\n> \n>  CWE-190 - Integer overflow in libblkid parse_dos_extended().\n>    A crafted MBR disk image can cause uint32_t wraparound in EBR\n>    chain processing, causing reported partitions to not match the\n>    on-disk layout. Tools like udisks may then register a partition\n>    at logical sector 0.\n> \n> Full release notes: \n> https://www.kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.4-ReleaseNotes\n> \n> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>\n\nApplied to master, thanks.","headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=a6GD29T7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzslS2fBJz1yGs\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Tue, 21 Apr 2026 03:23:32 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id F1D6441115;\n\tMon, 20 Apr 2026 17:23:25 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id k8ueuZODrdG5; Mon, 20 Apr 2026 17:23:25 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 3471141110;\n\tMon, 20 Apr 2026 17:23:25 +0000 (UTC)","from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n by lists1.osuosl.org (Postfix) with ESMTP id DFBC5257\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 17:23:23 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id D0E7E82CAC\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 17:23:23 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Dpw-4qCx2Kd9 for <buildroot@buildroot.org>;\n Mon, 20 Apr 2026 17:23:23 +0000 (UTC)","from smtp6-g21.free.fr (smtp6-g21.free.fr [212.27.42.6])\n by smtp1.osuosl.org (Postfix) with ESMTPS id A8A5182BA1\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 17:23:22 +0000 (UTC)","from webmail.free.fr (unknown [172.20.246.1])\n (Authenticated sender: ju.o@free.fr)\n by smtp6-g21.free.fr (Postfix) with ESMTPA id B843A780395;\n Mon, 20 Apr 2026 19:23:18 +0200 (CEST)","from 2a01:e0a:1065:2100:52d9:65fe:2df3:c492\n via 2a01:e0a:1065:2100:52d9:65fe:2df3:c492 by webmail.free.fr\n with HTTP (HTTP/1.0 POST); Mon, 20 Apr 2026 19:23:18 +0200"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org 3471141110","OpenDKIM Filter v2.11.0 smtp1.osuosl.org A8A5182BA1"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776705805;\n\tbh=Jllkst/YWS46yG8uSNLTCBY8m/EfVL7ZtJH6k8kpoD8=;\n\th=Date:To:Cc:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From:Reply-To:From;\n\tb=a6GD29T7aoAumqxxgCVmi4awTrb0X7SgyBn3vk+SX4CX997xaBg0giT/hoJ9VXaVi\n\t hEMewP1bFDWZKAEP2+XUX6qScQfcLqSrWDsoF/iz+XyXtC6dNXOm1lnEkp0rRedaOS\n\t g132KwJkTLaeaZrM2h74bNwwJjvte29yQTAJmjSPDfaHeHZXK+BXfCBADwsDTf6Y2e\n\t WqiKDMmfyJzPjB9vR8KZb1Qc5OnzERVerTkPXNPVHh9B/KfEHzLZsfZunu9CiVL2tE\n\t rJB0ScLd+Ho860LNP7YCu5RQ0xVQk9RDHM544UZf8OBcniOPIOdwxBlTCEX7JFbHmX\n\t f/mrq4H6zcYfQ==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=212.27.42.6;\n helo=smtp6-g21.free.fr; envelope-from=ju.o@free.fr; receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp1.osuosl.org A8A5182BA1","MIME-Version":"1.0","Date":"Mon, 20 Apr 2026 19:23:18 +0200","To":"Marcus Hoffmann <buildroot@bubu1.eu>","Cc":"buildroot@buildroot.org, Giulio Benetti\n <giulio.benetti@benettiengineering.com>","In-Reply-To":"<20260420142814.753135-1-buildroot@bubu1.eu>","References":"<20260420142814.753135-1-buildroot@bubu1.eu>","User-Agent":"Webmail Free/1.6.14","Message-ID":"<9cd836be0bc0e28b30cc77a1ee4243a7@free.fr>","X-Sender":"ju.o@free.fr","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple;\n d=free.fr; s=smtp-20201208; t=1776705801;\n bh=e3m1a6FzPsK1Y1BYEeUDKrnbRmrNBJd8euuMJ2nk5N8=;\n h=Date:From:To:Cc:Subject:In-Reply-To:References:From;\n b=px4UywxBw5fDwwO4eBXXfWPF4WUoN4xWnua4V7c5xhipT9XlSafjwogOrd/K6n/Y8\n 3lGauMgz2+hT40QpGJdnbAVf9ReHS4cr+i/MwttPbqTlUIxXWRPA3AV11BCTnDOiud\n fafsyqGPCOyhi6ygQbkWxf0Rhfm+hQau1gs0Vd+RYhnvEHT2rZDytibHIv1caGs7T0\n pclL6Zu5aGx0q6XUimN5oH9BM2ZU4cUC+TDV/3uFI9dnfE2fW1w8mSgVZEL//xKquA\n PbLTFANvywC3nDd8DomMM9vkM+DoumJEluKUGwL+uBQThlVjyw15XIyDm/QyN86hWm\n 6oE8npWY+8FPQ==","X-Mailman-Original-Authentication-Results":["smtp1.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=free.fr","smtp1.osuosl.org;\n dkim=pass (2048-bit key) header.d=free.fr header.i=@free.fr\n header.a=rsa-sha256 header.s=smtp-20201208 header.b=px4UywxB"],"Subject":"Re: [Buildroot] [PATCH] package/util-linux: security bump to 2.41.4","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","From":"Julien Olivain via buildroot <buildroot@buildroot.org>","Reply-To":"Julien Olivain <ju.o@free.fr>","Content-Transfer-Encoding":"7bit","Content-Type":"text/plain; charset=\"us-ascii\"; Format=\"flowed\"","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"}}]