util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems.
It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths.
An attacker controlling a volume label could entice a user with privileges to mount/umount filesystems to use umount command with auto completion, possibly resulting in execution of arbitrary code with root privileges.
Disable Bash-completion or remove “/usr/share/bash-completion/completions/umount”.
All util-linux users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.30.2-r1"