An update for util-linux is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1383 Final 1.0 1.0 2024-04-12 Initial 2024-04-12 2024-04-12 openEuler SA Tool V1.0 2024-04-12 util-linux security update An update for util-linux is now available for openEuler-20.03-LTS-SP1. The util-linux package contains a random collection of files that implements some low-level basic linux utilities. Security Fix(es): wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.(CVE-2024-28085) An update for util-linux is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low util-linux https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1383 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-28085 https://nvd.nist.gov/vuln/detail/CVE-2024-28085 openEuler-20.03-LTS-SP1 python-libmount-2.35.2-13.oe1.aarch64.rpm util-linux-user-2.35.2-13.oe1.aarch64.rpm util-linux-debuginfo-2.35.2-13.oe1.aarch64.rpm libblkid-2.35.2-13.oe1.aarch64.rpm uuidd-2.35.2-13.oe1.aarch64.rpm libmount-2.35.2-13.oe1.aarch64.rpm libfdisk-2.35.2-13.oe1.aarch64.rpm util-linux-devel-2.35.2-13.oe1.aarch64.rpm libuuid-2.35.2-13.oe1.aarch64.rpm util-linux-debugsource-2.35.2-13.oe1.aarch64.rpm libsmartcols-2.35.2-13.oe1.aarch64.rpm util-linux-2.35.2-13.oe1.aarch64.rpm util-linux-help-2.35.2-13.oe1.noarch.rpm util-linux-2.35.2-13.oe1.src.rpm libsmartcols-2.35.2-13.oe1.x86_64.rpm python-libmount-2.35.2-13.oe1.x86_64.rpm libuuid-2.35.2-13.oe1.x86_64.rpm libblkid-2.35.2-13.oe1.x86_64.rpm util-linux-debuginfo-2.35.2-13.oe1.x86_64.rpm libmount-2.35.2-13.oe1.x86_64.rpm util-linux-2.35.2-13.oe1.x86_64.rpm uuidd-2.35.2-13.oe1.x86_64.rpm util-linux-user-2.35.2-13.oe1.x86_64.rpm util-linux-debugsource-2.35.2-13.oe1.x86_64.rpm libfdisk-2.35.2-13.oe1.x86_64.rpm util-linux-devel-2.35.2-13.oe1.x86_64.rpm wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. 2024-04-12 CVE-2024-28085 openEuler-20.03-LTS-SP1 Low 0.0 util-linux security update 2024-04-12 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1383