9010 – Bugfix for CVE-2024-28085

Bug 9010 - Bugfix for CVE-2024-28085

Summary: Bugfix for CVE-2024-28085

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.9
Hardware:	All Linux

Importance:	P3-Medium S2-major
Target Milestone:	---
Assignee:	Jacob
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	9011 9012
	Show dependency tree

Reported:	2024-05-13 15:01 UTC by Shiloong
Modified:	2024-05-13 15:05 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Shiloong admin

2024-05-13 15:01:39 UTC

https://anas.openanolis.cn/cves/detail/CVE-2024-28085
虽然漏洞因Wall与mesg应用没有配置setgid不受影响，但漏洞评分较高，为高危漏洞，建设修复。
Impact version: 2.24~2.40
Break commit:
https://github.com/util-linux/util-linux/commit/cdd3cc7fa4cafde492039180bb47f27ab8422261
Fix commit:
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253