Skyler Ferrante discovered that the wall tool from util-linux does not properly handle escape sequences from command line arguments. A local attacker can take advantage of this flaw for information disclosure.
With this update wall and write are not anymore installed with setgid tty.
https://security-tracker.debian.org/tracker/DSA-5650-1
Continue reading...
With this update wall and write are not anymore installed with setgid tty.
https://security-tracker.debian.org/tracker/DSA-5650-1
Continue reading...