Date:      Wed, 14 Feb 2024 16:43:19 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Andrea Venturoli <ml@netfence.it>, freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-24:02.tty
Message-ID:  <a53f1036-a7ff-a73d-a08c-0812ab08a3d1@grosbein.net>
In-Reply-To: <40f75ef7-78d6-481e-967f-c5f258830596@netfence.it>
References:  <20240214070711.3259126676@freefall.freebsd.org> <40f75ef7-78d6-481e-967f-c5f258830596@netfence.it>

14.02.2024 15:55, Andrea Venturoli wrote:

> On 2/14/24 08:07, FreeBSD Security Advisories wrote:
>> =============================================================================
>> FreeBSD-SA-24:02.tty                                        Security Advisory
>>                                                            The FreeBSD Project
>>
>> Topic:          jail(2) information leak
>>
>> Category:       core
>> Module:         jail
>> Announced:      2024-02-14
>> Credits:        Pawel Jakub Dawidek
>> Affects:        All supported versions of FreeBSD.
>> Corrected:      2024-02-12 16:25:54 UTC (stable/14, 14.0-STABLE)
>>                  2024-02-14 06:05:46 UTC (releng/14.0, 14.0-RELEASE-p5)
>>                  2024-02-12 16:27:37 UTC (stable/13, 13.2-STABLE)
>>                  2024-02-14 06:06:01 UTC (releng/13.2, 13.2-RELEASE-p10)
>> CVE Name:       CVE-2024-25941
> 
> Hello.
> 
> Sorry for my dumbness, but I fail to understand the severity of this problem.
> Is it like drop-everything-and-patch-yesterday or take-it-easy-and-do-it-when-you-can?

Low impact unless some other vulnerabilities are used.
 
> How could the extracted info (tty list) be used?

Like other information leaks, to leverage complex combined attacks.



