Re: [oss-security] path traversal in tar extract in intel cve-bin-tool

2025-06-20 Thread Jakub Wilk
solve() are wrong tools for the job. Anyway, I suspect that cve-bin-tool's extractors for other file formats are still vulnerable to path traversal, so I wouldn't recommend running it against untrusted files. -- Jakub Wilk
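
The snippet above warns that cve-bin-tool's other extractors may still be open to path traversal, and that the path-resolving helpers it names are the wrong tools for deciding whether an archive member is safe. As an added example (not code from cve-bin-tool, the thread, or any of its fixes), the following decides from the archive metadata alone, in archive order, so that a symlink planted by an earlier entry cannot redirect a later one. The sample archive, its member names and its link targets are all constructed for the demo.

```python
import io
import posixpath
import tarfile
from typing import Dict, List, Optional, Set, Tuple

def _components(path: str) -> List[str]:
    """Split a '/'-separated archive path into components, dropping '' and '.'."""
    return [p for p in path.split("/") if p not in ("", ".")]

def _escapes(path: str) -> bool:
    """Lexically, does this relative path climb above the extraction root?"""
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def _through_symlink(path: str, symlinks: Set[str]) -> Optional[str]:
    """First proper prefix of path that is a symlink accepted earlier in this archive.
    Each prefix is normalized before the lookup, so 'x/../ok/sub/f' is caught when
    'ok/sub' is a symlink even though the raw string never spells 'ok/sub'."""
    parts = _components(path)
    for i in range(1, len(parts)):
        prefix = posixpath.normpath("/".join(parts[:i]))
        if prefix in symlinks:
            return prefix
    return None

def unsafe_reason(member: tarfile.TarInfo, symlinks: Set[str]) -> Optional[str]:
    """Why this member must not be extracted, or None. Nothing here touches the
    live filesystem, so a symlink already present in the destination cannot steer it."""
    name = member.name
    if name.startswith("/"):
        return "absolute member name"
    if member.isdev():
        return "device node"
    via = _through_symlink(name, symlinks)
    if via is not None:
        return f"member path passes through archive symlink {via!r}"
    if _escapes(name):
        return "member name climbs above the extraction root"
    if member.issym() or member.islnk():
        target = member.linkname
        if target.startswith("/"):
            return "absolute link target"
        # Symlink targets are relative to the link's own directory; hard link targets to the root.
        full = posixpath.join(posixpath.dirname(name), target) if member.issym() else target
        via = _through_symlink(full, symlinks)
        if via is not None:
            return f"link target passes through archive symlink {via!r}"
        if _escapes(full):
            return "link target climbs above the extraction root"
    return None

def plan_extraction(tf: tarfile.TarFile) -> Tuple[List[tarfile.TarInfo], Dict[str, str]]:
    """Classify members in archive order; order matters because symlinks poison later paths."""
    symlinks: Set[str] = set()
    accepted: List[tarfile.TarInfo] = []
    rejected: Dict[str, str] = {}
    for m in tf.getmembers():
        reason = unsafe_reason(m, symlinks)
        if reason is not None:
            rejected[m.name] = reason
            continue
        if m.issym():
            symlinks.add(posixpath.normpath(m.name))
        accepted.append(m)
    return accepted, rejected

def extract_safely(data: bytes, dest: str) -> Tuple[List[str], Dict[str, str]]:
    """Extract only the accepted members of an in-memory archive into dest."""
    # Belt and braces: where the interpreter ships extraction filters (3.12+ and the
    # PEP 706 backports), let tarfile's own 'data' filter run as well.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        accepted, rejected = plan_extraction(tf)
        for m in accepted:
            tf.extract(m, path=dest, set_attrs=False, **extra)
    return [m.name for m in accepted], rejected

def build_sample_archive() -> bytes:
    """Constructed archive mixing benign and hostile members (demo data, not from any real report)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name: str, kind: bytes = tarfile.REGTYPE, linkname: str = "", data: bytes = b"") -> None:
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname, ti.size = kind, linkname, len(data)
            tf.addfile(ti, io.BytesIO(data) if data else None)
        add("ok", tarfile.DIRTYPE)
        add("ok/readme.txt", data=b"hello\n")
        add("../evil.sh", data=b"#!/bin/sh\n")                    # classic dot-dot traversal
        add("/etc/passwd", data=b"root::0:0::/:/bin/sh\n")         # absolute name
        add("ok/sub", tarfile.SYMTYPE, linkname=".")               # innocent-looking link into its own dir
        add("ok/sub/.bashrc", data=b"evil\n")                      # ... that a later entry writes through
        add("ok/out", tarfile.SYMTYPE, linkname="../../..")        # link pointing above the root
        add("ok/../../escape", data=b"x")                          # dot-dot hidden mid-path
        add("ok/hard", tarfile.LNKTYPE, linkname="ok/readme.txt")  # legitimate hard link
    return buf.getvalue()

def classify_sample() -> Tuple[List[str], Dict[str, str]]:
    """Run the plan over the constructed archive and return plain names for inspection."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r:*") as tf:
        accepted, rejected = plan_extraction(tf)
    return [m.name for m in accepted], rejected
```

Two rules do the work: reject any name that lexically climbs above the root (after normalizing, not by substring-matching ".."), and never write through, or link through, a symlink that the same archive created. Python 3.12 and the PEP 706 backports provide `tarfile.extractall(filter="data")`, which runs its own version of these checks; `extract_safely()` switches it on when the interpreter has it.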

Re: [oss-security] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks

2025-06-17 Thread Jakub Wilk
1 in /etc/pam.d/sshd (it is 0 by default, since Linux-PAM 1.4.0). I reported this back in 2014: https://bugs.debian.org/761600 -- Jakub Wilk

Re: [oss-security] CVE-2024-47081: Netrc credential leak in PSF requests library

2025-06-04 Thread Jakub Wilk
p in the presence of redirects. The redirected URL would still be fetched with netrc auth. -- Jakub Wilk
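
The point above is that a redirected URL is still fetched with netrc credentials. As an added illustration (not code from the requests library or from the thread), the following stdlib-only simulation contrasts a client that repeats the netrc lookup on every hop with one that pins netrc credentials to the host the caller originally asked for; it shows how an attacker-chosen start URL can turn the client into a confused deputy that makes an authenticated request against a host in the user's netrc. The netrc entry, the hostnames and the redirect table are constructed for the demo.

```python
import netrc
import os
import tempfile
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed netrc contents for the demo; host and password are made up.
SAMPLE_NETRC = "machine api.example.com login alice password hunter2\n"

# Constructed redirect table standing in for live servers:
# URL -> value of its Location header, or None for a final (non-redirect) response.
SAMPLE_REDIRECTS: Dict[str, Optional[str]] = {
    "https://links.example.net/click?id=42": "https://api.example.com/v1/tokens/revoke-all",
    "https://api.example.com/v1/tokens/revoke-all": None,
}

Credentials = Tuple[str, str]
Hop = Tuple[str, Optional[Credentials]]

def parse_netrc(text: str) -> netrc.netrc:
    """The stdlib parser only reads from a path, so spill the text to a private temp file."""
    fd, path = tempfile.mkstemp(prefix="netrc-demo-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        return netrc.netrc(path)
    finally:
        os.unlink(path)

def netrc_credentials(nrc: netrc.netrc, url: str) -> Optional[Credentials]:
    """Look up credentials by the URL's hostname, the way netrc-aware clients do."""
    host = urlsplit(url).hostname
    entry = nrc.authenticators(host) if host else None
    return (entry[0], entry[2]) if entry else None

def follow(nrc: netrc.netrc, start_url: str, redirects: Dict[str, Optional[str]],
           pin_netrc_to_origin: bool, max_hops: int = 5) -> List[Hop]:
    """Simulate a redirect-following client; record the credentials each hop carried.

    pin_netrc_to_origin=False: redo the netrc lookup for every hop, so the
    credentials follow the redirect wherever it goes.
    pin_netrc_to_origin=True: only the host the caller named may receive them.
    """
    origin_host = urlsplit(start_url).hostname
    url, trace = start_url, []  # type: str, List[Hop]
    for _ in range(max_hops):
        creds = netrc_credentials(nrc, url)
        if pin_netrc_to_origin and urlsplit(url).hostname != origin_host:
            creds = None
        trace.append((url, creds))
        location = redirects.get(url)
        if location is None:
            return trace
        url = location
    raise RuntimeError("too many redirects")

def demo() -> Tuple[List[Hop], List[Hop]]:
    """Same attacker-chosen start URL under both policies: (leaky trace, pinned trace)."""
    nrc = parse_netrc(SAMPLE_NETRC)
    start = "https://links.example.net/click?id=42"
    return (follow(nrc, start, SAMPLE_REDIRECTS, pin_netrc_to_origin=False),
            follow(nrc, start, SAMPLE_REDIRECTS, pin_netrc_to_origin=True))
```

In the leaky trace the second hop, which the user never asked for, goes out as alice to api.example.com; in the pinned trace it goes out anonymously. Whether a real client behaves one way or the other is a per-library decision, so check how yours treats netrc (and, for requests, its `trust_env` setting) on a cross-host redirect before pointing it at attacker-chosen URLs.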

Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)

2025-05-28 Thread Jakub Wilk
> /dev/null $ echo pwned > ~/.Private/libexploit.so $ ls -l ~/.Private/libexploit.so -rw-rw-rw-+ 1 _kea _kea 6 May 28 18:15 /home/jwilk/.Private/libexploit.so $ cat ~/.Private/libexploit.so pwned -- Jakub Wilk

Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow

2025-04-24 Thread Jakub Wilk
r-overflow on address 0xf5f00021 at pc 0xf79c113e bp 0xfff496e8 sp 0xfff492c4 READ of size 2 at 0xf5f00021 thread T0 -- Jakub Wilk

Re: [oss-security] vulnerabilities in busybox tar and cpio tools

2025-04-23 Thread Jakub Wilk
: disallow path traversals (CVE-2023-39810)") The essence of the patch is: +#if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION + /* Strip leading "/" and up to last "/../" path component */ + dst_name = (char *)strip_unsafe_prefix(dst_name); +#endif -- Jakub Wilk
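Review bot: the strip only rewrites the literal name, so it does nothing for the other traversal route in a hostile archive: a symlink member whose target lies outside the extraction directory, followed by a later entry whose path goes through that symlink (no leading "/" and no "/../" in it, so `strip_unsafe_prefix(dst_name)` leaves it untouched and the write lands wherever the link points). If the tar and cpio paths are meant to be safe against untrusted input, link members need a check of their own (refuse absolute and "../" link targets, or refuse to write through a symlink created by the same archive). Two smaller points: the whole block is compiled in only under `ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION`, so the default of that option decides whether most builds get any of it, and the `(char *)` cast suggests `strip_unsafe_prefix()` returns a `const` pointer into the buffer it was given; a non-const return would avoid casting const away.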

Re: [oss-security] Local Privilege Escalations in needrestart

2024-12-04 Thread Jakub Wilk
runtime warnings against suspicious two-argument open() calls. The patch still applies cleanly, and apparently even works, so I've attached it here. Maybe someone will find it useful. -- Jakub Wilk From: Jakub Wilk Date: Sat, 26 Jan 2019 17:48:21 +0100 Subject: [PATCH] Warn against suspiciou

Re: [oss-security] shell wildcard expansion (un)safety

2024-11-07 Thread Jakub Wilk
ssume that this environment variable isn't coming back. -- Jakub Wilk

Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

2024-04-17 Thread Jakub Wilk
or a reverse engineer. Congrats, you've just made a lot of people feel inadequate. :P -- Jakub Wilk

[oss-security] Re: less(1) with LESSOPEN mishandles \n in paths

2024-04-15 Thread Jakub Wilk
* Jakub Wilk, 2024-04-12 14:20: less(1) does not correctly escape newlines in pathnames when constructing command line of the input preprocessor. CVE-2024-32487 was assigned to this bug. -- Jakub Wilk

Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise

2024-04-12 Thread Jakub Wilk
The sed command is not completely equivalent to cat though: it appends a newline, because the original file didn't end with one. This trailing garbage slightly upsets xz(1): xz: (stdin): Unexpected end of input (You normally wouldn't see this warning, thanks to generous use of "2>/dev/null" in build-to-host.m4.) -- Jakub Wilk

[oss-security] less(1) with LESSOPEN mishandles \n in paths

2024-04-12 Thread Jakub Wilk
(__)\ )\/\ ||w | || || ./ |m/oo (file 1 of 2) (END) - Next: ./m/oo Upstream fix: https://github.com/gwsw/less/commit/007521ac3c95bc76 -- Jakub Wilk