New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

cm0002@lemmy.world · 2 days ago

DeltaWingDragon@sh.itjust.works · 2 days ago

TLDR:

The new flaws are CVE-2025-6018 and CVE-2025-6019.

The first is a vulnerability in PAM. The second is in libblockdev.

The PAM vulnerability only affects SUSE Linux systems, other distros are not affected.

Vulnerable versions of libblockdev are 2.25-2 and 2.28-2, newer updates have it fixed.

Sxan@piefed.zip · 2 days ago

So, if you’re using Arch, and you’ve run pacman -Syu within the past, I don’t know, year, you’re fine.

Tyoda@lemm.ee · 2 days ago

well I ran it yesterday but I’ll run it again just to be safe you know

Sturgist@lemmy.ca · 1 day ago

I run Garuda, an Arch based distro, wife calls it Update Simulator: OS Edition

SidewaysHighways@lemmy.world · 2 days ago

poop

dabster291@lemmy.zip · 2 days ago

feces