14.02.2024 15:55, Andrea Venturoli wrote: > On 2/14/24 08:07, FreeBSD Security Advisories wrote: >> ============================================================================= >> FreeBSD-SA-24:02.tty Security Advisory >> The FreeBSD >> Project >> >> Topic: jail(2) information leak >> >> Category: core >> Module: jail >> Announced: 2024-02-14 >> Credits: Pawel Jakub Dawidek >> Affects: All supported versions of FreeBSD. >> Corrected: 2024-02-12 16:25:54 UTC (stable/14, 14.0-STABLE) >> 2024-02-14 06:05:46 UTC (releng/14.0, 14.0-RELEASE-p5) >> 2024-02-12 16:27:37 UTC (stable/13, 13.2-STABLE) >> 2024-02-14 06:06:01 UTC (releng/13.2, 13.2-RELEASE-p10) >> CVE Name: CVE-2024-25941 > > Hello. > > Sorry for my dumbness, but I fail to understand the severity of this problem. > Is it like drop-everything-and-patch-yesterday or > take-it-easy-and-do-it-when-you-can?
Low impact unless some other vulnerabilities used. > How could the extracted info (tty list) be used? Like other information leaks, to leverage complex combined attacks.
