CVE-2022-0563 The chfn and chsh utilities have a flaw when compiled with Readline support. The Readline library uses INPUTRC to get a path to the library config file.

chfn and chsh are not normally used by end users. On Red Hat-based systems, it is recommended to update these utilities.

On Debian-based systems, you can install the util-linux package from the Critical package repository.
The latest version is available on the vendor’s website.

A race condition was discovered in the keyring key management system of util-linux. A keyring is a database of passwords, SSH keys, or other credentials used to authenticate users or provide access to a system. A race condition occurs when two or more actions occur at the same time and one of them fails. This can lead to failure or disclosure of sensitive data. This issue affects util-linux versions 2.31 through 2.36 and 2.37 through 2.38.

An issue was discovered in the 'mkinitcpio' initramfs generation tool of util-linux. An initramfs is a compressed cpio image file that is loaded by the kernel at boot time. The initramfs is the first step in the boot process and contains the file system, boot loader, and other essential parts of the system. An issue occurs when the 'mkinitcpio' tool is not compiled with a hardening option. This issue affects util-linux versions 2.32 through 2.36 and 2.37 through 2.38.

An issue was discovered in the udev udevmonitor daemon of util

What is util-linux? util-linux is a collection of tools for managing and inspecting the hardware on a Linux system. Some of the more common utilities include mdadm, fdisk, and lvm.

The latest version can be downloaded from http://www.kernel.org/pub/linux/utils/util-linux/.

Dependency Resolution

Dependencies for util-linux/2.37:
dnsutils=4.1.1-3
libpam0g=0.99-2
util-linux=2.35-11

Install util-linux if you don't have it yet

The following command will install util-linux on a Debian-based system.

sudo apt-get install libuuid-dev libblkid-dev libyaml-dev libselinux1-dev autoconf automake build-essential linux-headers-$(uname -r)
debootstrap --arch=amd64 --variant=minbase --install=xenial bionic
cd /tmp/root && wget http://ftp.us.debian.org/debian/pool/main/u/util-linux/util_2.35.tar.xz
tar xvfj util_2.35.tar.xz && cd util_2.35
sudo ./configure --prefix=/usr && make && sudo make install
In order to update the chfn and chsh utilities on Red Hat systems, use the following command:
yum -y install 'mkinitcpio-utils'

Timeline

Published on: 02/21/2022 19:15:00 UTC
Last modified on: 06/03/2022 14:15:00 UTC

References

• https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
• https://security.netapp.com/advisory/ntap-20220331-0002/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0563