USN-6719-2: util-linux vulnerability
10 April 2024
util-linux could be made to expose sensitive information.
Releases
Packages
- util-linux - miscellaneous system utilities
Details
USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was
discovered that the fix did not fully address the issue. This update
removes the setgid permission bit from the wall and write utilities.
Original advisory details:
Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10
Ubuntu 22.04
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6719-1: util-linux-locales, eject, rfkill, libblkid1, libsmartcols1, libsmartcols-dev, uuid-runtime, util-linux-extra, libmount1, fdisk, bsdutils, bsdextrautils, libfdisk-dev, libmount-dev, mount, libblkid-dev, libfdisk1, util-linux, libuuid1, uuid-dev