Bug 9012 - Bugfix for CVE-2024-28085
Summary: Bugfix for CVE-2024-28085
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 23.1
Hardware: All Linux
: P3-Medium S2-major
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords:
Depends on: 9010
Blocks: 9011
  Show dependency tree
 
Reported: 2024-05-13 15:05 UTC by Shiloong
Modified: 2024-05-16 10:24 UTC (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Shiloong admin 2024-05-13 15:05:44 UTC 
+++ This bug was initially created as a clone of Bug #9010 +++

https://anas.openanolis.cn/cves/detail/CVE-2024-28085
虽然漏洞因Wall与mesg应用没有配置setgid不受影响,但漏洞评分较高,为高危漏洞,建设修复。
Impact version: 2.24~2.40
Break commit:
https://github.com/util-linux/util-linux/commit/cdd3cc7fa4cafde492039180bb47f27ab8422261
Fix commit:
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
Comment 1 扣肉 2024-05-16 10:24:19 UTC 
https://build.openanolis.cn/buildinfo?buildID=36888

Already fixed by 2.39.1-2