摘要:
util-linux security update
安全等级: Low
公告ID: KylinSec-SA-2024-3163
发布日期: 2024年4月3日
关联CVE: CVE-2024-28085
The util-linux package contains a random collection of files that implements some low-level basic linux utilities.
Security Fix(es):
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.(CVE-2024-28085)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-28085 | KY3.4-5A | util-linux | Fixed |
| CVE-2024-28085 | KY3.5.2 | util-linux | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| util-linux-help | noarch | 2.35.2-16.kb2.ky3_4 |
| libsmartcols | x86_64 | 2.35.2-16.kb2.ky3_4 |
| libmount | x86_64 | 2.35.2-16.kb2.ky3_4 |
| util-linux-user | x86_64 | 2.35.2-16.kb2.ky3_4 |
| libblkid | x86_64 | 2.35.2-16.kb2.ky3_4 |
| python-libmount | x86_64 | 2.35.2-16.kb2.ky3_4 |
| util-linux | x86_64 | 2.35.2-16.kb2.ky3_4 |
| util-linux-devel | x86_64 | 2.35.2-16.kb2.ky3_4 |
| uuidd | x86_64 | 2.35.2-16.kb2.ky3_4 |
| libuuid | x86_64 | 2.35.2-16.kb2.ky3_4 |
| libfdisk | x86_64 | 2.35.2-16.kb2.ky3_4 |
| util-linux-user | aarch64 | 2.35.2-16.kb2.ky3_4 |
| libfdisk | aarch64 | 2.35.2-16.kb2.ky3_4 |
| libsmartcols | aarch64 | 2.35.2-16.kb2.ky3_4 |
| util-linux | aarch64 | 2.35.2-16.kb2.ky3_4 |
| python-libmount | aarch64 | 2.35.2-16.kb2.ky3_4 |
| util-linux-devel | aarch64 | 2.35.2-16.kb2.ky3_4 |
| uuidd | aarch64 | 2.35.2-16.kb2.ky3_4 |
| libmount | aarch64 | 2.35.2-16.kb2.ky3_4 |
| libuuid | aarch64 | 2.35.2-16.kb2.ky3_4 |
| libblkid | aarch64 | 2.35.2-16.kb2.ky3_4 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| util-linux-help | noarch | 2.37.2-28.ky3_5.kb1 |
| python3-libmount | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libmount | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libblkid | x86_64 | 2.37.2-28.ky3_5.kb1 |
| util-linux-user | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libuuid | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libfdisk | x86_64 | 2.37.2-28.ky3_5.kb1 |
| util-linux-devel | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libsmartcols | x86_64 | 2.37.2-28.ky3_5.kb1 |
| util-linux | x86_64 | 2.37.2-28.ky3_5.kb1 |
| uuidd | x86_64 | 2.37.2-28.ky3_5.kb1 |
| libsmartcols | aarch64 | 2.37.2-28.ky3_5.kb1 |
| libmount | aarch64 | 2.37.2-28.ky3_5.kb1 |
| libuuid | aarch64 | 2.37.2-28.ky3_5.kb1 |
| python3-libmount | aarch64 | 2.37.2-28.ky3_5.kb1 |
| libfdisk | aarch64 | 2.37.2-28.ky3_5.kb1 |
| uuidd | aarch64 | 2.37.2-28.ky3_5.kb1 |
| util-linux-devel | aarch64 | 2.37.2-28.ky3_5.kb1 |
| util-linux-user | aarch64 | 2.37.2-28.ky3_5.kb1 |
| util-linux | aarch64 | 2.37.2-28.ky3_5.kb1 |
| libblkid | aarch64 | 2.37.2-28.ky3_5.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
