
Re: making Debian secure by default



On 3/31/24 15:26, Roberto C. Sánchez wrote:
> On Sun, Mar 31, 2024 at 07:00:50PM +0000, Andy Smith wrote:
>> Hello,
>>
>> On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote:
>>> I just saw this advisory
>>>    Escape sequence injection in util-linux wall (CVE-2024-28085)
>>>      https://seclists.org/fulldisclosure/2024/Mar/35
>>> where they're talking about grabbing other users' sudo password.
>>
>> I note that "write" and "wall" in Debian had setgid removed after this.
>>
>>      https://salsa.debian.org/debian/util-linux/-/commit/c4be137b4b09a855713c1f4d052dfee773c4ad3b
>>      https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog
>
> The fix has also been made to stable and oldstable:
> https://lists.debian.org/debian-security-announce/2024/msg00058.html

Does this mean it's now safe to update our bookworm installs?
TY.

> Regards,
>
> -Roberto

Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

