UbuntuUpdates.org

Package "eject"

Name: eject

Description:

ejects CDs and operates CD-Changers under Linux

Latest version: 2.37.2-4ubuntu3.4
Release: jammy (22.04)
Level: security
Repository: main
Head package: util-linux
Homepage: https://www.kernel.org/pub/linux/utils/util-linux/

Links


Download "eject"


Other versions of "eject" in Jammy

Repository Area Version
base main 2.37.2-4ubuntu3
updates main 2.37.2-4ubuntu3.4

Changelog

Version: 2.37.2-4ubuntu3.4 2024-04-10 14:31:38 UTC

  util-linux (2.37.2-4ubuntu3.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/rules: build with --disable-use-tty-group to properly remove
      setgid bit from both wall and write.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Tue, 09 Apr 2024 11:32:56 -0400

Source diff to previous version
CVE-2024-28085 escape sequence Injection in wall

Version: 2.37.2-4ubuntu3.3 2024-03-27 17:07:02 UTC

  util-linux (2.37.2-4ubuntu3.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle
      wide characters in include/carefulputc.h, login-utils/last.c,
      term-utils/write.c.
    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew
      buffering to open_memstream() in term-utils/wall.c.
    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use
      fputs_careful() in include/carefulputc.h, login-utils/last.c,
      term-utils/wall.c, term-utils/write.c.
    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on
      the terminal in term-utils/wall.c.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2024 08:25:19 -0400

CVE-2024-28085 escape sequence Injection in wall



About   -   Send Feedback to @ubuntu_updates