Bug 833365 (CVE-2022-0563) - <sys-apps/util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
Status: RESOLVED FIXED
Alias: CVE-2022-0563
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa+]
Depends on: 833367
Reported: 2022-02-14 22:45 UTC by Sam James
Modified: 2024-01-07 08:32 UTC (History)
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-14 22:45:25 UTC
Description cribbed from Red Hat at https://access.redhat.com/security/cve/cve-2022-0563.

commit 39a81981ac4b8a1f521db550afc117ccab9548cb
Author: Karel Zak <kzak@redhat.com>
Date:   Thu Feb 10 12:03:17 2022 +0100

    chsh, chfn: remove readline support [CVE-2022-0563]
    
    The readline library uses INPUTRC= environment variable to get a path
    to the library config file. When the library cannot parse the
    specified file, it prints an error message containing data from the
    file.
    
    Unfortunately, the library does not use secure_getenv() (or a similar
    concept) to avoid vulnerabilities that could occur if set-user-ID or
    set-group-ID programs.
    
    Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
    Signed-off-by: Karel Zak <kzak@redhat.com>

 login-utils/Makemodule.am |  2 +-
 login-utils/chfn.c        | 14 ++------------
 login-utils/chsh.c        | 43 +++----------------------------------------
 3 files changed, 6 insertions(+), 53 deletions(-)
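
The two conditions the commit message describes, seen from the defensive side, as an added example that is not util-linux or readline code: a caller-controlled environment variable is ignored when the process runs in secure-execution mode, and a parse failure reports only a line number, never the file's text. It assumes Linux with glibc; `config_path`, `parse_config`, the `force_secure` switch and the `key=value` format are hypothetical, and the check uses `getauxval(AT_SECURE)` rather than calling `secure_getenv()` itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Nonzero when the kernel marked this exec as "secure", most commonly
 * because the binary is set-user-ID or set-group-ID. */
static int secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Hypothetical helper: honour an environment-supplied config path only
 * when the process is unprivileged. force_secure exercises the
 * privileged branch without installing a setuid binary. */
const char *config_path(const char *var, const char *fallback, int force_secure)
{
    const char *v = (force_secure || secure_exec()) ? NULL : getenv(var);
    return (v && *v) ? v : fallback;
}

/* Parse "key=value" lines (constructed format, not inputrc syntax).
 * Returns 0 on success, else the 1-based number of the bad line; the
 * message names the line only and never copies its content. */
int parse_config(const char *text, char *err, size_t errlen)
{
    int line = 1;
    err[0] = '\0';
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len > 0 && text[0] != '#' && memchr(text, '=', len) == NULL) {
            snprintf(err, errlen, "config: syntax error on line %d", line);
            return line;
        }
        text += len + (text[len] == '\n');
        line++;
    }
    return 0;
}

int main(void)
{
    char err[64];
    /* Constructed inputs: the path and the unparsable line are samples. */
    setenv("INPUTRC", "/tmp/constructed-inputrc", 1);
    printf("unprivileged: %s\nprivileged:   %s\n",
           config_path("INPUTRC", "/etc/inputrc", 0),
           config_path("INPUTRC", "/etc/inputrc", 1));
    if (parse_config("editing-mode=vi\nconstructed-secret-line\n", err, sizeof err))
        puts(err);
    return 0;
}
```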
Comment 1 Larry the Git Cow gentoo-dev 2022-02-14 23:04:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd7843850e85f86958a900d7722cb56aa9b5bec1

commit bd7843850e85f86958a900d7722cb56aa9b5bec1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-14 22:55:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-14 23:03:37 +0000

    sys-apps/util-linux: add 2.37.4
    
    Bug: https://bugs.gentoo.org/833365
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/util-linux/Manifest                 |   1 +
 sys-apps/util-linux/util-linux-2.37.4.ebuild | 333 +++++++++++++++++++++++++++
 2 files changed, 334 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-18 01:23:08 UTC
Please cleanup
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-18 11:00:14 UTC
Activity on the bug made me realise the connection wrt chfn & sys-apps/shadow.

Indeed:
```
$ grep -rsin chfn
util-linux-2.38.1-r2.ebuild:226:                        --disable-chfn-chsh
util-linux-2.38.1.ebuild:243:                   --disable-chfn-chsh
util-linux-9999.ebuild:226:                     --disable-chfn-chsh
util-linux-2.37.4.ebuild:189:                   --disable-chfn-chsh
```

I don't think this bug ever affected Gentoo, modulo older versions doing it (not checked, so I'll leave open until someone has verified it).
Comment 4 Larry the Git Cow gentoo-dev 2024-01-07 08:30:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4e42800d2202837758726b7cc0f86440487fee40

commit 4e42800d2202837758726b7cc0f86440487fee40
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-07 08:30:19 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-07 08:30:48 +0000

    [ GLSA 202401-08 ] util-linux: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/806070
    Bug: https://bugs.gentoo.org/831978
    Bug: https://bugs.gentoo.org/833365
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-08.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)