|
Message-ID: <Yev0nNQ9yB/ucgQU@kroah.com> Date: Sat, 22 Jan 2022 13:12:12 +0100 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: usbview polkit policy local root exploit (CVE-2022-23220) On Fri, Jan 21, 2022 at 03:33:50PM +0100, Matthias Gerstner wrote: > Hello list, > > this is to inform you about a local root exploit I found in usbview [1] > release 2.1. This finding was embargoed for 7 days on the linux-distros > mailing list and the fix has been published today. > > The upstream author Greg KH is currently working on an improved version > of usbview that will no longer require root privileges to run. That new version is now released as 3.0, which should prevent the need for any of this mess in the future as no root permissions are needed at all. thanks, gre gk-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.