main/util-linux: security upgrade to 2.41.4

fix: CVE-2026-27456 and CWE-190 Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux.
2026-05-05 04:16:46 +02:00 · 2026-04-07 16:34:25 +00:00 · 2026-04-07 16:34:25 +00:00 · e9740b1ddf
commit e9740b1ddf
parent a04c9a2038
1 changed files with 5 additions and 3 deletions
--- a/main/util-linux/APKBUILD
+++ b/main/util-linux/APKBUILD
@ -2,8 +2,8 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=util-linux
-pkgver=2.41.3
-pkgrel=1
+pkgver=2.41.4
+pkgrel=0
 pkgdesc="Random collection of Linux utilities"
 url="https://git.kernel.org/cgit/utils/util-linux/util-linux.git"
 arch="all"
@ -93,6 +93,8 @@ source="https://www.kernel.org/pub/linux/utils/util-linux/v$_v/util-linux-$pkgve
 	"

 # secfixes:
+#   2.41.4-r0:
+#     - CVE-2026-27456
 #   2.40-r0:
 #     - CVE-2024-28085
 #   2.37.4-r0:
@ -381,7 +383,7 @@ _py3() {
 }

 sha512sums="
-3d299f0e05a4c982a04dbcbaaeff1222152feedf51c56c5dbdeb75999c68269d652a994f5cdf4c1ee42bb7b28475dd0792192c299fd9bc3b45198c5b153dad00  util-linux-2.41.3.tar.xz
+c21ad77b787ab5892169c80cbec1ba46ed6bba36c1db278f2d1cd8712ae237f5cd25bfd20f2dc638334d1c47c5ff6102703147147d42f71c995bd397e735691a  util-linux-2.41.4.tar.xz
 c1c9cd816d20582438cda75a9c0ea4e687eee124e657172729aff410f52558be19cc5d649dae07c03f7618411e5aa6c23bcebc3fdf25529517a61b6b343966ef  utmps.patch
 876bb9041eca1b2cca1e9aac898f282db576f7860aba690a95c0ac629d7c5b2cdeccba504dda87ff55c2a10b67165985ce16ca41a0694a267507e1e0cafd46d9  ttydefaults.h
 401d2ccbdbfb0ebd573ac616c1077e2c2b79ff03e9221007759d8ac25eb522c401f705abbf7daac183d5e8017982b8ec5dd0a5ebad39507c5bb0a9f31f04ee97  rfkill.confd