Updated util-linux packages are available for both Debian GNU/Linux 8 (Jessie) and 9 Extended LTS (Stretch):
ELA-1154-1 util-linux security update
ELA-1154-1 util-linux security update
ELA-1154-1 util-linux security update
Package : util-linux
Version : 2.26.2+really2.25.2-6+deb8u2 (jessie), 2.29.2-1+deb9u3 (stretch)
Related CVEs :
CVE-2024-28085
Skyler Ferrante discovered that the wall(1) utility found in
util-linux, a collection of system utilities for Linux, does not
filter escape sequences from command line arguments. This allows
unprivileged local users to put arbitrary text on other users
terminals if mesg is set to ‘y’ and the wall executable is setgid,
which could lead to information disclosure.
With this update the wall executable is no longer installed setgid
tty.
