Re: making Debian secure by default

To: debian-user@lists.debian.org
Subject: Re: making Debian secure by default
From: Andy Smith <andy@strugglers.net>
Date: Sun, 31 Mar 2024 19:00:50 +0000
Message-id: <[🔎] Zgmy4gcik5SVq69x@mail.bitfolk.com>
In-reply-to: <[🔎] CAD8GWssBoRrCzW0TSUGxMeuY=y_bTM-nMuSO7_4g1Kyk79fgqQ@mail.gmail.com>
References: <[🔎] CAD8GWssBoRrCzW0TSUGxMeuY=y_bTM-nMuSO7_4g1Kyk79fgqQ@mail.gmail.com>

Hello,

On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote:
> I just saw this advisory
>   Escape sequence injection in util-linux wall (CVE-2024-28085)
>     https://seclists.org/fulldisclosure/2024/Mar/35
> where they're talking about grabbing other users sudo password.

I note that "write" and "wall" in Debian had setgid removed after this.

    https://salsa.debian.org/debian/util-linux/-/commit/c4be137b4b09a855713c1f4d052dfee773c4ad3b
    https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

Follow-Ups:
- Re: making Debian secure by default
  - From: Roberto C. Sánchez <roberto@debian.org>

References:
- making Debian secure by default
  - From: Lee <ler762@gmail.com>

Prev by Date: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick
Next by Date: Re: making Debian secure by default
Previous by thread: Re: making Debian secure by default
Next by thread: Re: making Debian secure by default
Index(es):
- Date
- Thread