|
|
|
|
|
|
by alibob
1310 days ago
|
|
|
<https://news.ycombinator.com/item?id=33467522> Got it. Linux distributions (ex. RHEL) have --with-pam in configure, so not vulnerable (code not compiled). (If you have --with-passwd in configure, then passwd.c is compiled, and you are vulnerable, but Linux distributions do not do this.) <https://ubuntu.com/security/CVE-2022-43995> sudo packages in Ubuntu are compiled with PAM support, so the vulnerable code isn't part of the binaries.
Not vulnerable (code not compiled)
|
|
|