util-linux: Fix CVE-2024-28085 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-06-07 12:41:23 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-06-14 05:19:22 -0700
commit	750ceb4b76b3e37e7bc041a8612d6ebe57d78cac (patch)
tree	920e8377c4aed3a4ebf31adbdbe6ba019931a916 /scripts/lib/devtool/menuconfig.py
parent	125ca0ff2fd3f9ee22eb788d49318e4becd02d8a (diff)
download	poky-750ceb4b76b3e37e7bc041a8612d6ebe57d78cac.tar.gz

util-linux: Fix CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. References: https://nvd.nist.gov/vuln/detail/CVE-2024-28085 (From OE-Core rev: b40a77416f73955833faeddf6091a99ff9837199) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/menuconfig.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: