Debian 10249 Published by

Updated util-linux packages are available for both Debian GNU/Linux 8 (Jessie) and 9 Extended LTS (Stretch):

ELA-1154-1 util-linux security update



ELA-1154-1 util-linux security update

Package : util-linux
Version : 2.26.2+really2.25.2-6+deb8u2 (jessie), 2.29.2-1+deb9u3 (stretch)

Related CVEs :
CVE-2024-28085

Skyler Ferrante discovered that the wall(1) utility found in
util-linux, a collection of system utilities for Linux, does not
filter escape sequences from command line arguments. This allows
unprivileged local users to put arbitrary text on other users
terminals if mesg is set to ‘y’ and the wall executable is setgid,
which could lead to information disclosure.
With this update the wall executable is no longer installed setgid
tty.

ELA-1154-1 util-linux security update