#5010 closed enhancement (fixed)


Reported by: Douglas R. Reno
Owned by: lfs-book
Priority: high
Milestone: 11.1
Component: Book
Version: git
Severity: normal
Keywords:


New point version, and a security release

util-linux 2.37.4 Release Notes

This release fixes a security issue in chsh(1) and chfn(8):


  The readline library uses INPUTRC= environment variable to get a path
  to the library config file. When the library cannot parse the
  specified file, it prints an error message containing data from the
  Unfortunately, the library does not use secure_getenv() (or a similar
  concept), or sanitize the config file path to avoid vulnerabilities that
  could occur if set-user-ID or set-group-ID programs.
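
The pattern the release notes refer to, as an added example that is not part of the ticket and is not util-linux or readline code: a Linux program checks whether it was started in secure-execution mode and withholds `INPUTRC` from any library that reads it with plain `getenv()`. The helper names and the `withheld_vars` list are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (Linux) */

/* Variables to withhold from libraries in a privileged process.
 * INPUTRC is the one named in the release notes; the list is an assumption. */
static const char *const withheld_vars[] = { "INPUTRC", NULL };

/* Nonzero when the kernel started this process in secure-execution mode
 * (set-user-ID, set-group-ID or file capabilities). */
int running_privileged(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Same contract as secure_getenv(): no value at all when privileged. */
const char *trusted_getenv(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Remove withheld variables so a library that calls plain getenv()
 * cannot see them. Returns how many were removed, or -1 on error. */
int scrub_env(int privileged)
{
    int removed = 0;
    if (!privileged)
        return 0;
    for (size_t i = 0; withheld_vars[i] != NULL; i++) {
        if (getenv(withheld_vars[i]) == NULL)
            continue;
        if (unsetenv(withheld_vars[i]) != 0)
            return -1;
        removed++;
    }
    return removed;
}

int main(void)
{
    int priv = running_privileged();
    int n = scrub_env(priv);   /* call before the first library use */
    printf("privileged=%d removed=%d\n", priv, n);
    return n < 0;
}
```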

Change History (3)

comment:1 by Xi Ruoyao, 22 months ago

It seems we can remove "runstatedir=/run". It's now the default.

comment:2 by Bruce Dubbs, 22 months ago

OK, I'll do that.

comment:3 by Bruce Dubbs, 22 months ago

Resolution: fixed
Status: new → closed

Fixed at commit 6af4dabc16cc044f4d65372cdbd203310df08e20

Package updates and fixes.
    Add binutils-2.38 LTO patch.
    Update to util-linux-2.37.4.
    Update to man-db-2.10.1.
    Update to linux-5.16.9.
    Update to vim-8.2.4383.
    Update to iana-etc-20220207.