Package: fuse-utils Severity: grave Tags: security fuse 2.8.2 fixes a race condition if two fusermount -u instances are run in paralell, which allows local privilege escalation.
This issue was discovered by Dan Rosenberg. Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core) Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages fuse-utils depends on: ii adduser 3.112 add and remove users and groups ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib pn libfuse2 <none> (no description available) ii makedev 2.3.1-89 creates device files in /dev ii sed 4.2.1-6 The GNU sed stream editor ii udev 150-2 /dev/ and hotplug management daemo fuse-utils recommends no packages. fuse-utils suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org