[SECURITY] [DLA 226-1] ntfs-3g security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 226-1] ntfs-3g security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 25 May 2015 20:02:01 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1505252000520.13524@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ntfs-3g
Version        : 1:2010.3.6-1+deb6u1
CVE ID         : CVE-2015-3202

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVY2OZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHAbQP/21JeaUs6KJbnZSWgaGsNKq8
2P+IlYG0FGLAenDg0/lIwEFrDrkLEz4bsWo8FZfKoS3fGWa1aqyy5GZjSdVxSRIj
rLynUUh2W+pd9BuKYDiX5GRoJSgR46dueKpY1htNIFQ68IijQk3QcY2sHRqgey4r
wRcZKt1OyKzy5xg8LpIaeA/Qv6+2AtrQOgPgMQu+oqTF8Vno0qTBgMXGm+ryLOdn
3Qm/ec6fopz9V6XqZ24B8uYsrmi2vr3qiAlMC1AaKVsXBgKexNUpixQ0jfb+OtFK
PMD0pK+AXl9OdJlhYT6FPI8iJZNUMqhcO5WmlEDN9x/7ysvr2Q4f+V3GROqcMGTV
AwlwALIPfOHRcUlFDlRV3sRNvh+WdD1ByyNDW5x37dCS3NB/FOdRu7Ioc5CRR4HB
fL2J7X2XSW8ABRaViocYZWGXABuSi0NsbwHroi7nASFQ5krCzek1a751hOvoh4Sd
s+ckJqJ+1wBGkLwy/n/6S5b7a2ALKqzqHpUBrA+zHL65cUBiniXqKZWGq2YsX0mG
E9PkUOoAkY/I9UWbqE8uMcijA6vDu9AL+aB5muiSb2tmYVNfGYWTNY2+BN8M3ag5
l/z4i/ep9hLbu38cnDo0l2bxAnIVyTwuQ2sWO7ZhDpM204a4tcaDy8ZlBPL75EtW
ldwjiSrvdEx2DrS+J6em
=iFMk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 225-1] dnsmasq security update
Next by Date: [SECURITY] [DLA 226-2] ntfs-3g regression update
Previous by thread: [SECURITY] [DLA 225-1] dnsmasq security update
Next by thread: [SECURITY] [DLA 226-2] ntfs-3g regression update
Index(es):
- Date
- Thread