
[SECURITY] [DLA 226-2] ntfs-3g regression update




Package        : ntfs-3g
Version        : 1:2010.3.6-1+deb6u2
CVE ID         : CVE-2015-3202

The patch applied for ntfs-3g to fix CVE-2015-3202 in DLA 226-1 was
incomplete. This update corrects that problem. For reference the
original advisory text follows.

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.

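The class of fix the advisory describes, scrubbing the environment before a privileged helper runs mount or umount, can be sketched as follows. This is an added example, not the ntfs-3g patch or Debian's code; the function names, the allowlist contents, the fixed PATH value and the /bin/mount location are assumptions made for illustration.

```c
#include <string.h>
#include <unistd.h>

/* Variables passed through to the child; everything else is dropped.
 * The allowlist is an assumption for this example. */
static const char *const ALLOWED[] = { "LANG", "TERM", NULL };

/* Fixed PATH so the child never searches caller-controlled directories. */
static const char SAFE_PATH[] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";

/* Accept only NAME=value entries whose NAME is allowlisted and whose
 * value contains no path separator or newline. */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                       /* malformed entry: drop it */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return strpbrk(eq + 1, "/\n") == NULL;
    return 0;
}

/* Fill out[] (capacity cap) with a scrubbed, NULL-terminated environment.
 * Returns the number of entries, or -1 if cap is too small. */
int build_clean_env(char *const inherited[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2)
        return -1;
    out[n++] = SAFE_PATH;
    for (size_t i = 0; inherited != NULL && inherited[i] != NULL; i++) {
        if (!is_allowed(inherited[i]))
            continue;
        if (n + 1 >= cap)
            return -1;                  /* fail closed rather than truncate */
        out[n++] = inherited[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Run the mount helper with the scrubbed environment only. */
int exec_mount_clean(char *const argv[], char *const inherited[])
{
    const char *env[16];
    if (build_clean_env(inherited, env, 16) < 0)
        return -1;
    return execve("/bin/mount", argv, (char *const *)env);
}
```

The allowlist approach fails closed: a variable the helper's author never considered is dropped by default instead of reaching the privileged child.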

