util-linux: Fix CVE-2024-28085 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-05-29 06:13:28 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-06-01 19:07:52 -0700
commit	ec87d3ca28273d5bb0d38d82566e4d1bca93e31a (patch)
tree	00e54ca636126465d1ebe9408d78cf4237227808 /documentation/sdk-manual/appendix-customizing.rst
parent	b0b5da10e13fe264e34a60e82ab06139f7ba7fd5 (diff)
download	poky-ec87d3ca28273d5bb0d38d82566e4d1bca93e31a.tar.gz

util-linux: Fix CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. CVE-2024-28085-0005 is the CVE fix and CVE-2024-28085-0001, CVE-2024-28085-0002, CVE-2024-28085-0003, CVE-2024-28085-0004 are dependent commits to fix the CVE. References: https://nvd.nist.gov/vuln/detail/CVE-2024-28085 (From OE-Core rev: 28d9f948536dfee2330e4cfd225c932d20d688f1) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/sdk-manual/appendix-customizing.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: