CVE-2016-2779

Priority
Description
runuser in util-linux allows local users to escape to the parent session
via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's
input buffer.
Notes
 mdeslaur> 2.31 introduced a --pty option that can be used
Package
Upstream:released (2.31)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.31.1-0.4ubuntu3.3)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.32-0.1ubuntu2)
Ubuntu 19.04 (Disco Dingo):not-affected (2.33.1-0.1ubuntu2)
Ubuntu 19.10 (Eoan):not-affected (2.33.1-0.1ubuntu2)
Patches:
Upstream:https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2
More Information

Updated: 2019-05-10 14:14:16 UTC (commit 7301de2cdc71a1bb741e30540704e12a855db310)