[SECURITY] [DSA 5650-1] util-linux security update

2024-03-3111:50:05

lists.debian.org

update

vulnerability

debian

cve-2024-28085

advisory

information disclosure

security

util-linux

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.1%

JSON

Debian Security Advisory DSA-5650-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
March 31, 2024 https://www.debian.org/security/faq

Package : util-linux
CVE ID : CVE-2024-28085
Debian Bug : 1067849

Skyler Ferrante discovered that the wall tool from util-linux does not
properly handle escape sequences from command line arguments. A local
attacker can take advantage of this flaw for information disclosure.

With this update wall and write are not anymore installed with setgid
tty.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.36.1-8+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 2.38.1-5+deb12u1.

We recommend that you upgrade your util-linux packages.

For the detailed security status of util-linux please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/util-linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11alllibblkid-dev< 2.36.1-8+deb11u2libblkid-dev_2.36.1-8+deb11u2_all.deb
Debian11alluuid-runtime< 2.36.1-8+deb11u2uuid-runtime_2.36.1-8+deb11u2_all.deb
Debianbookwormallutil-linux-extra< 2.38.1-5+deb12u1util-linux-extra_2.38.1-5+deb12u1_all.deb
Debianbookwormalleject< 2.38.1-5+deb12u1eject_2.38.1-5+deb12u1_all.deb
Debian11allrfkill< 2.36.1-8+deb11u2rfkill_2.36.1-8+deb11u2_all.deb
Debian11alllibfdisk1< 2.36.1-8+deb11u2libfdisk1_2.36.1-8+deb11u2_all.deb
Debian11allbsdextrautils< 2.36.1-8+deb11u2bsdextrautils_2.36.1-8+deb11u2_all.deb
Debian11allfdisk-udeb< 2.36.1-8+deb11u2fdisk-udeb_2.36.1-8+deb11u2_all.deb
Debianbookwormalllibmount-dev< 2.38.1-5+deb12u1libmount-dev_2.38.1-5+deb12u1_all.deb
Debianbookwormallmount< 2.38.1-5+deb12u1mount_2.38.1-5+deb12u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	libblkid-dev	< 2.36.1-8+deb11u2	libblkid-dev_2.36.1-8+deb11u2_all.deb
Debian	11	all	uuid-runtime	< 2.36.1-8+deb11u2	uuid-runtime_2.36.1-8+deb11u2_all.deb
Debian	bookworm	all	util-linux-extra	< 2.38.1-5+deb12u1	util-linux-extra_2.38.1-5+deb12u1_all.deb
Debian	bookworm	all	eject	< 2.38.1-5+deb12u1	eject_2.38.1-5+deb12u1_all.deb
Debian	11	all	rfkill	< 2.36.1-8+deb11u2	rfkill_2.36.1-8+deb11u2_all.deb
Debian	11	all	libfdisk1	< 2.36.1-8+deb11u2	libfdisk1_2.36.1-8+deb11u2_all.deb
Debian	11	all	bsdextrautils	< 2.36.1-8+deb11u2	bsdextrautils_2.36.1-8+deb11u2_all.deb
Debian	11	all	fdisk-udeb	< 2.36.1-8+deb11u2	fdisk-udeb_2.36.1-8+deb11u2_all.deb
Debian	bookworm	all	libmount-dev	< 2.38.1-5+deb12u1	libmount-dev_2.38.1-5+deb12u1_all.deb
Debian	bookworm	all	mount	< 2.38.1-5+deb12u1	mount_2.38.1-5+deb12u1_all.deb