UbuntuUpdates.org

Package "util-linux"

Name: util-linux

Description:

miscellaneous system utilities

Latest version: 2.37.2-4ubuntu3.4
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.kernel.org/pub/linux/utils/util-linux/

Links


Download "util-linux"


Other versions of "util-linux" in Jammy

Repository Area Version
base main 2.37.2-4ubuntu3
updates main 2.37.2-4ubuntu3.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.37.2-4ubuntu3.4 2024-04-10 14:31:38 UTC

  util-linux (2.37.2-4ubuntu3.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/rules: build with --disable-use-tty-group to properly remove
      setgid bit from both wall and write.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Tue, 09 Apr 2024 11:32:56 -0400

Source diff to previous version
CVE-2024-28085 escape sequence Injection in wall

Version: 2.37.2-4ubuntu3.3 2024-03-27 17:07:02 UTC

  util-linux (2.37.2-4ubuntu3.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle
      wide characters in include/carefulputc.h, login-utils/last.c,
      term-utils/write.c.
    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew
      buffering to open_memstream() in term-utils/wall.c.
    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use
      fputs_careful() in include/carefulputc.h, login-utils/last.c,
      term-utils/wall.c, term-utils/write.c.
    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on
      the terminal in term-utils/wall.c.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2024 08:25:19 -0400

CVE-2024-28085 escape sequence Injection in wall



About   -   Send Feedback to @ubuntu_updates