From d2fa0f3b7fe8e1d3b4b57da9905ff1c4c0e7e624 Mon Sep 17 00:00:00 2001 From: zhangyao Date: Fri, 29 Mar 2024 10:14:09 +0800 Subject: [PATCH] wall: fix escape sequence Injection (cherry picked from commit fd76e5cdc0516bf74cb00b2ae419369b0dea3a3b) --- backport-CVE-2024-28085.patch | 29 +++++++++++++++++++++++++++++ util-linux.spec | 9 ++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-28085.patch diff --git a/backport-CVE-2024-28085.patch b/backport-CVE-2024-28085.patch new file mode 100644 index 0000000..874b455 --- /dev/null +++ b/backport-CVE-2024-28085.patch @@ -0,0 +1,29 @@ +From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Mar 2024 11:16:20 +0100 +Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085] + +Let's use for all cases the same output function. + +Reported-by: Skyler Ferrante +Signed-off-by: Karel Zak +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index f894a32f8..588d3a963 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, + int i; + + for (i = 0; i < mvecsz; i++) { +- fputs(mvec[i], fs); ++ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH); + if (i < mvecsz - 1) + fputc(' ', fs); + } +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index ddf5e16..72f8fbb 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 27 +Release: 28 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -143,6 +143,7 @@ Patch6121: backport-lib-cpuset-exit-early-from-cpulist_parse.patch Patch6122: backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch Patch6123: backport-libblkid-Check-offset-in-LUKS2-header.patch Patch6124: backport-more-fix-poll-use.patch +Patch6125: backport-CVE-2024-28085.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -514,6 +515,12 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Fri Mar 29 2024 zhangyao - 2.37.2-28 +- Type:CVE +- CVE:CVE-2024-28085 +- SUG:NA +- DESC:fix CVE-2024-28085 + * Mon Mar 11 2024 zhangyao - 2.37.2-27 - Type:bugfix - CVE:NA -- Gitee