** Changed in: util-linux (Ubuntu)
       Status: New => Confirmed

** Changed in: util-linux (Ubuntu)
   Importance: Undecided => Low

https://bugs.launchpad.net/bugs/1792967

Title:
  CVE-2018-7738 - command execution via unmount's bash-completion

Status in util-linux package in Ubuntu:
  Confirmed

Bug description:
  "In util-linux before 2.32-rc1, bash-completion/umount allows local
  users to gain privileges by embedding shell commands in a mountpoint
  name, which is mishandled during a umount command (within Bash) by a
  different user, as demonstrated by logging in as root and entering
  umount followed by a tab character for autocompletion."

  https://security-tracker.debian.org/tracker/CVE-2018-7738

  Here is the patch that Debian applied earlier:
  https://salsa.debian.org/debian/util-linux/blob/1d518f8b38e81cfcc6e0cd1ecbf9ea72d568e53a/debian/patches/bash-completion-umount-use-findmnt-escape-a-space-in.patch

  It's already been fixed in cosmic but needs to be fixed in bionic.

  I saw this link on social media this weekend:
  https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
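
The following is an added example, not part of the bug report or of the Debian patch: a defensive audit that reads mount point names in `/proc/self/mountinfo` format and flags any that contain shell syntax, which is the precondition the CVE description above names. The pattern list, the function names and the sample lines are assumptions of this example.

```python
import re

# Shell syntax that a completion script handling names unquoted could act on.
# This pattern list is an assumption of this example, not taken from the patch.
SUSPICIOUS = {
    "command substitution $( )": re.compile(r"\$\("),
    "backtick substitution": re.compile(r"`"),
    "command separator": re.compile(r"[;&|]"),
    "control character": re.compile(r"[\x00-\x1f\x7f]"),
}
_OCTAL = re.compile(r"\\([0-7]{3})")

def decode_field(field):
    """Undo the kernel's \\ooo octal escaping (space, tab, newline, backslash)."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def mount_points(mountinfo_text):
    """Yield decoded mount points (5th field) from mountinfo content."""
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if len(fields) >= 5:
            yield decode_field(fields[4])

def audit(mountinfo_text):
    """Return {mount_point: [reasons]} for names containing shell syntax."""
    findings = {}
    for mp in mount_points(mountinfo_text):
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(mp)]
        if reasons:
            findings[mp] = reasons
    return findings

# Constructed sample in mountinfo format (not captured from a real system).
SAMPLE = "\n".join([
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
    r"85 22 8:17 / /media/user/USB\040DISK rw,nosuid - vfat /dev/sdb1 rw",
    r"86 22 8:33 / /media/user/$(cmd) rw,nosuid - vfat /dev/sdc1 rw",
    r"87 22 8:49 / /media/user/`cmd` rw,nosuid - vfat /dev/sdd1 rw",
])

if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo", errors="surrogateescape") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off Linux
    for mp, reasons in audit(text).items():
        print(f"{mp!r}: {', '.join(reasons)}")
```

A clean result does not replace installing the fixed util-linux package; it only shows that no currently mounted name would trigger the flawed completion.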