Back to bug 2053151
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2022-02-10 15:51:12 UTC | CC | security-response-team | |
| Mauro Matteo Cascella | 2022-02-10 15:51:35 UTC | Blocks | 2052148 | |
| Guilherme de Almeida Suckevicz | 2022-02-10 16:09:31 UTC | Summary | EMBARGOED util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | EMBARGOED CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| Alias | CVE-2022-0563 | |||
| Guilherme de Almeida Suckevicz | 2022-02-10 16:10:10 UTC | Blocks | 2053163 | |
| Mauro Matteo Cascella | 2022-02-14 18:55:10 UTC | CC | jonathan | |
| Summary | EMBARGOED CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | ||
| Group | qe_staff, security | |||
| Deadline | 2022-02-14 | |||
| Mauro Matteo Cascella | 2022-02-14 18:58:04 UTC | Fixed In Version | util-linux 2.37.4 | |
| Mauro Matteo Cascella | 2022-02-14 18:58:39 UTC | Comment | 0 | updated |
| Mauro Matteo Cascella | 2022-02-14 19:07:24 UTC | Depends On | 2054356, 2054355 | |
| Mauro Matteo Cascella | 2022-02-14 19:08:42 UTC | Depends On | 2054358, 2054357 | |
| Mauro Matteo Cascella | 2022-02-14 19:23:50 UTC | Doc Text | A flaw was found in util-linux's chfn and chsh utilities when compiled with readline support. The readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. An unprivileged user could use this flaw to read root-owned files, potentially leading to privilege escalation. | |
| RaTasha Tillery-Smith | 2022-02-15 18:44:24 UTC | Doc Text | A flaw was found in util-linux's chfn and chsh utilities when compiled with readline support. The readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. An unprivileged user could use this flaw to read root-owned files, potentially leading to privilege escalation. | A flaw was found in the Linux kernel’s util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. |
| Red Hat Bugzilla | 2022-02-22 06:37:29 UTC | Depends On | 2055307, 2055306 | |
| CC | jnakfour | |||
| Red Hat Bugzilla | 2023-02-01 08:27:37 UTC | CC | tkasparek | |
| Mauro Matteo Cascella | 2023-02-22 17:25:54 UTC | Comment | 0 | updated |
| Red Hat Bugzilla | 2023-07-07 08:31:16 UTC | Assignee | security-response-team | nobody |
| CC | security-response-team |
Back to bug 2053151