Skip to content
This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

security: fix CVE-2021-3995, CVE-2021-3996 #1241

Merged
merged 1 commit into from Jan 25, 2022
Merged

security: fix CVE-2021-3995, CVE-2021-3996 #1241

merged 1 commit into from Jan 25, 2022

Conversation

aramase
Copy link
Member

@aramase aramase commented Jan 25, 2022

Signed-off-by: Anish Ramasekar anish.ramasekar@gmail.com

Reason for Change:

+----------+------------------+----------+-------------------+------------------+--------------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |                TITLE                 |
+----------+------------------+----------+-------------------+------------------+--------------------------------------+
| bsdutils | CVE-2021-3995    | MEDIUM   | 2.36.1-8          | 2.36.1-8+deb11u1 | util-linux: Unauthorized unmount     |
|          |                  |          |                   |                  | of FUSE filesystems belonging        |
|          |                  |          |                   |                  | to users with similar uid...         |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2021-3995 |
+          +------------------+          +                   +                  +--------------------------------------+
|          | CVE-2021-3996    |          |                   |                  | util-linux: Unauthorized unmount     |
|          |                  |          |                   |                  | of filesystems in libmount           |
|          |                  |          |                   |                  | -->avd.aquasec.com/nvd/cve-2021-3996 |
+----------+------------------+----------+-------------------+------------------+--------------------------------------+

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable). See test standard for more details.
  • ran make precommit

Issue Fixed:

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

  • yes
  • no

Notes for Reviewers:

@aramase
security: fix CVE-2021-3995, CVE-2021-3996
51d4389 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
@codecov
Copy link

codecov bot commented Jan 25, 2022

Codecov Report

Merging #1241 (51d4389) into master (6dc82f9) will decrease coverage by 0.36%.
The diff coverage is 32.25%.

@@            Coverage Diff             @@
##           master    #1241      +/-   ##
==========================================
- Coverage   36.29%   35.93%   -0.37%     
==========================================
  Files          27       32       +5     
  Lines        2915     4403    +1488     
==========================================
+ Hits         1058     1582     +524     
- Misses       1778     2736     +958     
- Partials       79       85       +6

@aramase aramase requested a review from chewong January 25, 2022 18:43
@aramase aramase merged commit f1f0e4f into Azure:master Jan 25, 2022
@aramase aramase deleted the CVE-2021-3995 branch January 25, 2022 21:01
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chewong chewong chewong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aramase @chewong