Ubuntu Linux: Improper Hostname Handling in Login Program

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Ubuntu Linux: Improper Hostname Handling in Login Program

SUSE-SU-2026:1406-1

Summary

An update for Ubuntu Linux fixes a security issue that could allow an attacker to bypass access controls using the login program. Additionally, the update addresses issues with partition management and file system recognition. Affected users should apply the update to ensure their system is secure and stable.

What to do

Update util-linux to version 2.40.4-150700.4.10.1.
Update util-linux-systemd to version 2.40.4-150700.4.10.1.

Affected software

Ecosystem	Vendor	Product	Affected versions
SUSE:Linux Enterprise Module for Basesystem 15 SP7	–	util-linux	< 2.40.4-150700.4.10.1 Fix: upgrade to 2.40.4-150700.4.10.1
SUSE:Linux Enterprise Module for Basesystem 15 SP7	–	util-linux-systemd	< 2.40.4-150700.4.10.1 Fix: upgrade to 2.40.4-150700.4.10.1
SUSE:Linux Enterprise Module for Server Applications 15 SP7	–	util-linux-systemd	< 2.40.4-150700.4.10.1 Fix: upgrade to 2.40.4-150700.4.10.1

Original title

Security update for util-linux

Original description

This update for util-linux fixes the following issues:

Security issue:

- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).

https://www.suse.com/support/update/announcement/2026/suse-su-20261406-1/ Vendor Advisory
https://bugzilla.suse.com/1222465 Third Party Advisory
https://bugzilla.suse.com/1234736 Third Party Advisory
https://bugzilla.suse.com/1258859 Third Party Advisory
https://www.suse.com/security/cve/CVE-2026-3184 URL

Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026