UbuntuUpdates.org

Package "uuid-runtime"

Name: uuid-runtime

Description:

runtime components for the Universally Unique ID library

Latest version: 2.34-0.1ubuntu9.6
Release: focal (20.04)
Level: security
Repository: main
Head package: util-linux

Links


Download "uuid-runtime"


Other versions of "uuid-runtime" in Focal

Repository Area Version
base main 2.34-0.1ubuntu9
updates main 2.34-0.1ubuntu9.6

Changelog

Version: 2.34-0.1ubuntu9.6 2024-04-10 14:31:35 UTC

  util-linux (2.34-0.1ubuntu9.6) focal-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/rules: build with --disable-use-tty-group to properly remove
      setgid bit from both wall and write.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Tue, 09 Apr 2024 11:34:13 -0400

Source diff to previous version
CVE-2024-28085 escape sequence Injection in wall

Version: 2.34-0.1ubuntu9.5 2024-03-27 17:06:58 UTC

  util-linux (2.34-0.1ubuntu9.5) focal-security; urgency=medium

  * SECURITY UPDATE: Improper neutralization of escape sequences in wall
    - debian/patches/CVE-2024-28085-pre1.patch: correctly handle wide
      characters in include/carefulputc.h, login-utils/last.c,
      term-utils/write.c, libsmartcols/src/fput.c.
    - debian/patches/CVE-2024-28085-pre2.patch: convert homebrew buffering
      to open_memstream() in term-utils/wall.c.
    - debian/patches/CVE-2024-28085-pre3.patch: use fputs_careful() in
      include/carefulputc.h, login-utils/last.c, term-utils/wall.c,
      term-utils/write.c.
    - debian/patches/CVE-2024-28085.patch: consolidate output on the
      terminal in term-utils/wall.c.
    - CVE-2024-28085

 -- Marc Deslauriers <email address hidden> Fri, 22 Mar 2024 08:37:10 -0400

Source diff to previous version
CVE-2024-28085 escape sequence Injection in wall

Version: 2.34-0.1ubuntu9.3 2022-02-09 15:07:17 UTC

  util-linux (2.34-0.1ubuntu9.3) focal-security; urgency=medium

  * SECURITY UPDATE: Unauthorized unmount of FUSE filesystems belonging to
    users with similar uid
    - debian/patches/CVE-2021-3995-1.patch: make sure mem2strcpy() buffer
      is zeroized in include/strutils.h.
    - debian/patches/CVE-2021-3995-2.patch: fix UID check for FUSE umount
      in libmount/src/context_umount.c, libmount/src/mountP.h,
      libmount/src/optstr.c.
    - CVE-2021-3995
  * SECURITY UPDATE: Unauthorized unmount in util-linux's libmount
    - debian/patches/CVE-2021-3996-1.patch: remove support for deleted
      mount table entries in libmount/src/tab_parse.c.
    - debian/patches/CVE-2021-3996-2.patch: update mountinfo files
      in tests/*.
    - CVE-2021-3996

 -- Marc Deslauriers <email address hidden> Mon, 07 Feb 2022 08:33:35 -0500




About   -   Send Feedback to @ubuntu_updates