cm0002@lemmy.world to Linux@sh.itjust.works · 18 days agoNew Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributionsthehackernews.comexternal-linkmessage-square6fedilinkarrow-up125arrow-down11cross-posted to: linux@lemmy.mllinux@programming.dev
arrow-up124arrow-down1external-linkNew Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributionsthehackernews.comcm0002@lemmy.world to Linux@sh.itjust.works · 18 days agomessage-square6fedilinkcross-posted to: linux@lemmy.mllinux@programming.dev
minus-squareDeltaWingDragon@sh.itjust.workslinkfedilinkarrow-up3·18 days agoTLDR: The new flaws are CVE-2025-6018 and CVE-2025-6019. The first is a vulnerability in PAM. The second is in libblockdev. The PAM vulnerability only affects SUSE Linux systems, other distros are not affected. Vulnerable versions of libblockdev are 2.25-2 and 2.28-2, newer updates have it fixed.
minus-squareŜan@piefed.ziplinkfedilinkEnglisharrow-up4·18 days agoSo, if you’re using Arch, and you’ve run pacman -Syu within the past, I don’t know, year, you’re fine.
minus-squareTyoda@lemm.eelinkfedilinkarrow-up4·18 days agowell I ran it yesterday but I’ll run it again just to be safe you know
minus-squareSturgist@lemmy.cacakelinkfedilinkarrow-up3·17 days agoI run Garuda, an Arch based distro, wife calls it Update Simulator: OS Edition
TLDR:
The new flaws are CVE-2025-6018 and CVE-2025-6019.
The first is a vulnerability in PAM. The second is in libblockdev.
The PAM vulnerability only affects SUSE Linux systems, other distros are not affected.
Vulnerable versions of libblockdev are 2.25-2 and 2.28-2, newer updates have it fixed.
So, if you’re using Arch, and you’ve run
pacman -Syuwithin the past, I don’t know, year, you’re fine.well I ran it yesterday but I’ll run it again just to be safe you know
I run Garuda, an Arch based distro, wife calls it Update Simulator: OS Edition