Opened 2 years ago
Closed 2 years ago
#5010 closed enhancement (fixed)
util-linux-2.37.4
| Reported by: | Douglas R. Reno | Owned by: | lfs-book |
|---|---|---|---|
| Priority: | high | Milestone: | 11.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version, and a security release
util-linux 2.37.4 Release Notes
===============================
This release fixes security issue in chsh(1) and chfn(8):
CVE-2022-0563
The readline library uses INPUTRC= environment variable to get a path
to the library config file. When the library cannot parse the
specified file, it prints an error message containing data from the
file.
Unfortunately, the library does not use secure_getenv() (or a similar
concept), or sanitize the config file path to avoid vulnerabilities that
could occur if set-user-ID or set-group-ID programs.
Change History (3)
comment:1 by , 2 years ago
comment:3 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed at commit 6af4dabc16cc044f4d65372cdbd203310df08e20
Package updates and fixes.
Add binutils-2.38 LTO patch.
Update to util-linux-2.37.4.
Update to man-db-2.10.1.
Update to linux-5.16.9.
Update to vim-8.2.4383.
Update to iana-etc-20220207.
Note:
See TracTickets
for help on using tickets.
It seems we can remove "runstatedir=/run". It's now the default.