Comment on New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
DeltaWingDragon@sh.itjust.works 19 hours ago
TLDR:
The new flaws are CVE-2025-6018 and CVE-2025-6019.
The first is a vulnerability in PAM. The second is in libblockdev.
The PAM vulnerability only affects SUSE Linux systems, other distros are not affected.
Vulnerable versions of libblockdev are 2.25-2 and 2.28-2, newer updates have it fixed.
Sxan@piefed.zip 19 hours ago
So, if you're using Arch, and you've run
pacman -Syuwithin the past, I don't know, year, you're fine.Tyoda@lemm.ee 19 hours ago
well I ran it yesterday but I’ll run it again just to be safe you know
Sturgist@lemmy.ca 7 hours ago
I run Garuda, an Arch based distro, wife calls it Update Simulator: OS Edition