{"id":"USN-6719-2","summary":"util-linux vulnerability","details":"USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was\ndiscovered that the fix did not fully address the issue. This update\nremoves the setgid permission bit from the wall and write utilities.\n\nOriginal advisory details:\n\n Skyler Ferrante discovered that the util-linux wall command did not filter\n escape sequences from command line arguments. A local attacker could\n possibly use this issue to obtain sensitive information.\n","modified":"2026-02-10T04:43:38Z","published":"2024-04-10T12:24:42Z","related":["UBUNTU-CVE-2024-28085"],"upstream":["CVE-2024-28085","UBUNTU-CVE-2024-28085"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6719-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-28085"}],"affected":[{"package":{"name":"util-linux","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.6?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.34-0.1ubuntu9.6"}]}],"versions":["2.34-0.1ubuntu2","2.34-0.1ubuntu4","2.34-0.1ubuntu5","2.34-0.1ubuntu6","2.34-0.1ubuntu7","2.34-0.1ubuntu8","2.34-0.1ubuntu9","2.34-0.1ubuntu9.1","2.34-0.1ubuntu9.3","2.34-0.1ubuntu9.4","2.34-0.1ubuntu9.5"],"ecosystem_specific":{"binaries":[{"binary_version":"1:2.34-0.1ubuntu9.6","binary_name":"bsdutils"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"fdisk"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libblkid-dev"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libblkid1"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libfdisk-dev"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libfdisk1"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libmount-dev"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libmount1"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libsmartcols-dev"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libsmartcols1"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"libuuid1"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"mount"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"rfkill"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"util-linux"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"util-linux-locales"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"uuid-dev"},{"binary_version":"2.34-0.1ubuntu9.6","binary_name":"uuid-runtime"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6719-2.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-28085"}]}}},{"package":{"name":"util-linux","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.37.2-4ubuntu3.4"}]}],"versions":["2.36.1-8ubuntu1","2.37.2-4ubuntu1","2.37.2-4ubuntu2","2.37.2-4ubuntu3","2.37.2-4ubuntu3.3"],"ecosystem_specific":{"binaries":[{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"bsdextrautils"},{"binary_version":"1:2.37.2-4ubuntu3.4","binary_name":"bsdutils"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"eject"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"fdisk"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libblkid-dev"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libblkid1"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libfdisk-dev"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libfdisk1"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libmount-dev"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libmount1"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libsmartcols-dev"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libsmartcols1"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"libuuid1"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"mount"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"rfkill"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"util-linux"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"util-linux-locales"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"uuid-dev"},{"binary_version":"2.37.2-4ubuntu3.4","binary_name":"uuid-runtime"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6719-2.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2024-28085"}]}}}],"schema_version":"1.7.3"}