SUSE SLES12: libblkid1 / libblkid1-32bit / libfdisk1 / libmount1 / etc (SUSE-SU-2021:3463-1)

medium Nessus Plugin ID 154256

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3463-1 advisory.

- CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements.
(bsc#1188921)
- Prevent outdated pam files (bsc#1082293, bsc#1081947#c68).
- Do not trim read-only volumes (bsc#1106214).
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196)
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235)
- nologin: Add support for -c to prevent error from su -c. (bsc#1151708)
- Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389)
- libblkid: Do not trigger CDROM autoclose. (bsc#1084671)
- Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514)
- Build with libudev support to support non-root users. (bsc#1169006)
- lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix for warning on mounts to CIFS with mount. (SG#57988, bsc#1174942)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1081947

https://bugzilla.suse.com/1082293

https://bugzilla.suse.com/1084671

https://bugzilla.suse.com/1085196

https://bugzilla.suse.com/1106214

https://bugzilla.suse.com/1122417

https://bugzilla.suse.com/1125886

https://bugzilla.suse.com/1135534

https://bugzilla.suse.com/1135708

https://bugzilla.suse.com/1151708

https://bugzilla.suse.com/1168235

https://bugzilla.suse.com/1168389

https://bugzilla.suse.com/1169006

https://bugzilla.suse.com/1174942

https://bugzilla.suse.com/1175514

https://bugzilla.suse.com/1175623

https://bugzilla.suse.com/1178236

https://bugzilla.suse.com/1178554

https://bugzilla.suse.com/1178825

https://bugzilla.suse.com/1188921

https://www.suse.com/security/cve/CVE-2021-37600

http://www.nessus.org/u?d48f9cd6

Plugin Details

Severity: Medium

ID: 154256

File Name: suse_SU-2021-3463-1.nasl

Version: 1.5

Type: Local

Agent: unix

Published: 10/20/2021

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Low

Base Score: 1.2

Temporal Score: 0.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-37600

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:libblkid1, p-cpe:/a:novell:suse_linux:libmount1, p-cpe:/a:novell:suse_linux:libsmartcols1, p-cpe:/a:novell:suse_linux:libuuid1, p-cpe:/a:novell:suse_linux:python-libmount, p-cpe:/a:novell:suse_linux:util-linux, p-cpe:/a:novell:suse_linux:util-linux-systemd, p-cpe:/a:novell:suse_linux:uuidd, p-cpe:/a:novell:suse_linux:libfdisk1, p-cpe:/a:novell:suse_linux:libblkid1-32bit, p-cpe:/a:novell:suse_linux:libmount1-32bit, p-cpe:/a:novell:suse_linux:libuuid1-32bit, p-cpe:/a:novell:suse_linux:util-linux-lang

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/19/2021

Vulnerability Publication Date: 7/30/2021

Reference Information

CVE: CVE-2021-37600

SuSE: SUSE-SU-2021:3463-1