rpm package
suse/util-linux&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28085 | Low | 3.3 | < 2.33.2-150100.4.45.1 | 2.33.2-150100.4.45.1 | Mar 27, 2024 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther | |
| CVE-2018-7738 | — | < 2.33.2-150100.4.40.1 | 2.33.2-150100.4.40.1 | Mar 6, 2018 | In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount f |
- affected < 2.33.2-150100.4.45.1fixed 2.33.2-150100.4.45.1
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) Ther
- CVE-2018-7738Mar 6, 2018affected < 2.33.2-150100.4.40.1fixed 2.33.2-150100.4.40.1
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount f