Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in util-linux
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in util-linux
ID: USN-6719-1
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10
Datum: Mi, 27. März 2024, 22:46
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28085
Applikationen: util-linux

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1817870641400620439==
Content-Language: en-CA
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------jZtNY8jl6ue4cSc40Bc5N07b"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------jZtNY8jl6ue4cSc40Bc5N07b
Content-Type: multipart/mixed;
boundary="------------FT0MIiGttzJJ0b8Pr6bVoL1n";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <55f7f5aa-02d4-4e8e-85c7-b5622462ae57@canonical.com>
Subject: [USN-6719-1] util-linux vulnerability

--------------FT0MIiGttzJJ0b8Pr6bVoL1n
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-6719-1
March 27, 2024

util-linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

util-linux could be made to expose sensitive information.

Software Description:
- util-linux: miscellaneous system utilities

Details:

Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
util-linux 2.39.1-4ubuntu2.1

Ubuntu 22.04 LTS:
util-linux 2.37.2-4ubuntu3.3

Ubuntu 20.04 LTS:
util-linux 2.34-0.1ubuntu9.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6719-1
CVE-2024-28085

Package Information:
https://launchpad.net/ubuntu/+source/util-linux/2.39.1-4ubuntu2.1
https://launchpad.net/ubuntu/+source/util-linux/2.37.2-4ubuntu3.3
https://launchpad.net/ubuntu/+source/util-linux/2.34-0.1ubuntu9.5

--------------FT0MIiGttzJJ0b8Pr6bVoL1n--

--------------jZtNY8jl6ue4cSc40Bc5N07b
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmYET/4ACgkQZWnYVadE
vpOCQg//YS1NgGGmKnUI9UriNKwqObC1SMgWnC1CEdqRbi8rqDgnGN1WsOa/Nnhe
dAwfQkOxTUfeez8ZjXGBDGDN4Z468GHbpmA87CyXhUfRm2YOK4B49VP+3OJpaIX3
hWgzN4yjHWhAfCsaFUHyimFWYdQsw8zIvGcXKJMuHLyDVK4otvRncsLwnoWqoj97
Xe73tws+ijwxVWye3gpj1wlfPQoah8++aRRYyQBDSysjATiAluzy33MSJ3WQ8qO9
Zm7XmbCuhnBfLYf6CpLYfxQERuL1BNXe86yLik0bJCxlXdb+EVKcrMZtc47/D82X
2RrgjHs5ukS4hl9ENt2IR64Jehl9BOJ90TE0riqlwWPn0tohYTWKF5qI45qkttiN
iAFo9fA1O7Hy4KjWsqTLgFc618a/JyWBPvbKoajKCx9NhMb5ePQwPIa92nDZAH70
KGLeaZngnIinq+t95mZaBIatssjUN7qfXpHZe8OL+w5z4voxt2oTk9Zdjk71PWMP
kmTHzjEFJy7EaZhF6XNt92jtHaBaokpbcnch8N3MqrWNBThwVEcwL4NS7FizDkwU
Q/E4UlMru5pjGfVRwCHj28gCh/Q7b88btl/gH8qG63y5nrnCr3klChW4o4vOxts3
17F4jHUIy+YpttF0N8RXS08j1VoBCz7+hw78DNu2yKLmga8iU2w=
=+hk4
-----END PGP SIGNATURE-----

--------------jZtNY8jl6ue4cSc40Bc5N07b--


--===============1817870641400620439==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1817870641400620439==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung