On Sun, 17 Nov 2024 14:04:54 +0200 Matan Liber <matan@pentera.io> wrote: > Package: initramfs-tools > Version: 0.136ubuntu6.7 > > vulnerability identified in mkinitramfs that could lead to a Denial of > Service (DoS) condition on affected systems. Using mkinitramfs with > the environment variable LD_LIBRARY_PATH causes machines to fail boot > due to missing libraries in the initramfs images. A full report is > attached. This isn't a security vulnerability. If an attacker can control LD_LIBRARY_PATH for a user session then they can already cause arbitrary code to be run as that user. I may address this as an issue of robustness, but it's not going to have a high priority. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo.
Attachment:
signature.asc
Description: This is a digitally signed message part