[Git][security-tracker-team/security-tracker][master] Add references for CVE-2025-6019
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 19 23:20:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d83ef8c by Salvatore Bonaccorso at 2025-06-20T00:19:17+02:00
Add references for CVE-2025-6019
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1922,8 +1922,10 @@ CVE-2025-6019 (A Local Privilege Escalation (LPE) vulnerability was found in lib
- libblockdev 3.3.0-2.1
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
NOTE: https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
+ NOTE: Fixed by: https://github.com/storaged-project/libblockdev/commit/46b54414f66e965e3c37f8f51e621f96258ae22e (3.3.1)
NOTE: As hardening measure udisks2 (in unstable since 2.10.1-12.1)
NOTE: will enforce that private mounts are mounted with 'nodev,nosuid'.
+ NOTE: https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9
CVE-2025-6018 [LPE from unprivileged to allow_active in SUSE 15's PAM]
- pam <not-affected> (SUSE specific issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/4
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d83ef8ce2bad30b5c811f00962514befd8e9245
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d83ef8ce2bad30b5c811f00962514befd8e9245
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250619/333f41b9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list