[Git][security-tracker-team/security-tracker][master] Add new pam and libblockdev issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 17 21:07:25 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9e85af7 by Salvatore Bonaccorso at 2025-06-17T22:06:47+02:00
Add new pam and libblockdev issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2025-6019 [LPE from allow_active to root in libblockdev via udisks]
+ - libblockdev <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
+ NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
+ NOTE: As hardening measure udisk2 (in unstable since 2.10.1-12.1)
+ NOTE: will enforce that private mounts are mounted with 'nodev,nosuid'.
+CVE-2025-6018 [LPE from unprivileged to allow_active in SUSE 15's PAM]
+ - pam <not-affected> (SUSE specific issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
+ NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
CVE-2025-6192
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9e85af7b5b4f66316edef4fdfd4de63173145af
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9e85af7b5b4f66316edef4fdfd4de63173145af
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250617/296e6670/attachment.htm>
More information about the debian-security-tracker-commits
mailing list