Bug#786475: marked as done (ntfs-3g: CVE-2015-3202)

Tue, 26 May 2015 11:33:34 -0700 

Your message dated Tue, 26 May 2015 18:28:49 +0000
with message-id <e1yxjar-0003fn...@franck.debian.org>
and subject line Bug#786475: fixed in ntfs-3g 1:2014.2.15AR.3-3
has caused the Debian Bug report #786475,
regarding ntfs-3g: CVE-2015-3202
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
786475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: ntfs-3g
Version: 1:2013.1.13AR.3-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi Laszlo

ntfs-3g in jessie and above is similarly affected by CVE-2015-3202
since ntfs-3g since 1:2013.1.13AR.3-2 builds with internal fuse copy.

The patch I have used to prepare the updates for jessie is attached.

ntfs-3g though should try to use the system fuse and not the embedded
copy, could you check to switch this back?

Regards,
Salvatore

Description: Fix CVE-2015-3202
 Missing scrubbing of the environment before executing a mount or umount
 of a filesystem.
Origin: backport
Author: Miklos Szeredi <mik...@szeredi.hu>
Last-Update: 2015-05-19

---
 lib/mount_util.c |   23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

--- a/libfuse-lite/mount_util.c
+++ b/libfuse-lite/mount_util.c
@@ -66,6 +66,7 @@ int fuse_mnt_add_mount(const char *progn
         return -1;
     }
     if (res == 0) {
+        char *env = NULL;
         char templ[] = "/tmp/fusermountXXXXXX";
         char *tmp;
 
@@ -87,8 +88,8 @@ int fuse_mnt_add_mount(const char *progn
             exit(1);
         }
         rmdir(tmp);
-        execl("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
-              fsname, mnt, NULL);
+        execle("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
+              fsname, mnt, NULL, &env);
         fprintf(stderr, "%s: failed to execute /sbin/mount: %s\n", progname,
                 strerror(errno));
         exit(1);
@@ -120,9 +121,16 @@ int fuse_mnt_umount(const char *progname
         return -1;
     }
     if (res == 0) {
+        char *env = NULL;
+
         setuid(geteuid());
-        execl("/sbin/umount", "/sbin/umount", !lazy ? "-f" : NULL, mnt,
-              NULL);
+        if (!lazy) {
+                execle("/sbin/umount", "/sbin/umount", "-f", mnt,
+                       NULL, &env);
+        } else {
+                execle("/sbin/umount", "/sbin/umount", mnt,
+                       NULL, &env);
+        }
         fprintf(stderr, "%s: failed to execute /sbin/umount: %s\n", progname,
                 strerror(errno));
         exit(1);
@@ -302,6 +310,7 @@ int fuse_mnt_add_mount(const char *progn
         return 0;
     }
     if (res == 0) {
+        char *env = NULL;
         char templ[] = "/tmp/fusermountXXXXXX";
         char *tmp;
 
@@ -325,8 +334,8 @@ int fuse_mnt_add_mount(const char *progn
             exit(1);
         }
         rmdir(tmp);
-        execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
-              fsname, mnt, NULL);
+        execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
+              fsname, mnt, NULL, &env);
         fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname,
                 strerror(errno));
         exit(1);

--- End Message ---
--- Begin Message --- 
Source: ntfs-3g
Source-Version: 1:2014.2.15AR.3-3

We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 786...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated ntfs-3g package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 May 2015 17:23:19 +0000
Source: ntfs-3g
Binary: ntfs-3g ntfs-3g-dbg ntfs-3g-dev ntfs-3g-udeb
Architecture: source amd64
Version: 1:2014.2.15AR.3-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 ntfs-3g    - read/write NTFS driver for FUSE
 ntfs-3g-dbg - read/write NTFS driver for FUSE (debug)
 ntfs-3g-dev - read/write NTFS driver for FUSE (development)
 ntfs-3g-udeb - read/write NTFS driver for FUSE (udeb)
Closes: 786475
Changes:
 ntfs-3g (1:2014.2.15AR.3-3) unstable; urgency=high
 .
   [ Salvatore Bonaccorso <car...@debian.org> ]
   * Change all relevant execl() calls to execle() to fix all possible cases
     of CVE-2015-3202 (closes: #786475).
Checksums-Sha1:
 19f63fc3cba5e20910c65306815654d0b14a6bbd 2148 ntfs-3g_2014.2.15AR.3-3.dsc
 d19218add3baf83b0e499e20bec036a5da39e79f 22248 
ntfs-3g_2014.2.15AR.3-3.debian.tar.xz
 4ae3221ee3b59779c82edf2f5c52178d6fb33600 1300006 
ntfs-3g-dbg_2014.2.15AR.3-3_amd64.deb
 5fafed528060722a46187f82e49af8ff189699a9 233492 
ntfs-3g-dev_2014.2.15AR.3-3_amd64.deb
 cd4d69f433374bd16853c55a1cb1cfdb7e8d1de3 219232 
ntfs-3g-udeb_2014.2.15AR.3-3_amd64.udeb
 3af857de02437efe9e5a61559924906f4cdcc6a9 488886 
ntfs-3g_2014.2.15AR.3-3_amd64.deb
Checksums-Sha256:
 1135f9854166a6df70078d21561203cbd2ccd3beee4a5b069af597f41890ac83 2148 
ntfs-3g_2014.2.15AR.3-3.dsc
 e4a01c38c3d7947ed2e066c9e0aa0733acbea50b99be16422b6538df1ff19a64 22248 
ntfs-3g_2014.2.15AR.3-3.debian.tar.xz
 22ef5657275509afc5b4644e90e18c430fa51d4eb7284451627f5eb267db007b 1300006 
ntfs-3g-dbg_2014.2.15AR.3-3_amd64.deb
 e5c8e2d65ab24ac0876287e0556737a5e70080aab238d2d73e7ec9bdbf9c5274 233492 
ntfs-3g-dev_2014.2.15AR.3-3_amd64.deb
 0206ca4ff17f02d12a78cbce9d844606628b88b330ac8b18ca1decac6c95581d 219232 
ntfs-3g-udeb_2014.2.15AR.3-3_amd64.udeb
 919b892361ad768c13919894a57f73299eccaed392a9124fc448c3efbedec8ce 488886 
ntfs-3g_2014.2.15AR.3-3_amd64.deb
Files:
 f41695937bfa482e381ed0cfa7e4b138 2148 otherosfs optional 
ntfs-3g_2014.2.15AR.3-3.dsc
 031615aaf493465ec6202d4e033d7702 22248 otherosfs optional 
ntfs-3g_2014.2.15AR.3-3.debian.tar.xz
 352d4ce0c2c9fe3c499d53a9b8ed1e80 1300006 debug extra 
ntfs-3g-dbg_2014.2.15AR.3-3_amd64.deb
 305d77b1b7d455471ca3b8aa53160545 233492 libdevel optional 
ntfs-3g-dev_2014.2.15AR.3-3_amd64.deb
 2de7df5043f69d5c4c95285c39c4bda9 219232 debian-installer optional 
ntfs-3g-udeb_2014.2.15AR.3-3_amd64.udeb
 0125f0b77ac94ef21e217bae4dfe27bc 488886 otherosfs optional 
ntfs-3g_2014.2.15AR.3-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVZLVpAAoJENzjEOeGTMi/z20P/0Cxt4Prq3EFOQlpHa90WOvw
23e204uwk3XD1fhFrhAW+UCIgWjw07JdYeYNp6mTvWhIKZxCeBAjkbEY1EiaGpJs
gyQtTFEPzT6ekOub3yMxAXniQHNAEuH92HGcFu8AqvRgt1CsmGNhei8EiiGQNv+J
/Ee/mqDqFPn8RM4IqHVXoEVMWe5v/ggXXT7aKigTfe6CjIIWnuAFnabz4prxhsE0
GVPaYJocn46N3yp13vOxRW2LRqiNsFkYZaQVhZONOgz16loYinGg4ea+rAVB2mqE
N+FroqO5AY1CaJ0SI2fOzRyN4v65HkAxJlyCUejZoxSXVfHz/Vo/ada7ZanLTgvt
vsKRmcd6Cjbei8xFKD518Fbb0H9nyAhwTLXnwESA8QzsH2SY+EGjAmnQj+5cWX6T
q4deZMnKS2IwLtPWiPj6HKePG2uIYNrR0bPnAet6tIne4+0NA9X341K8QxPcI55B
bxv7f9Jn9oHsLCICnrpQigpGJB4EyDwu3WHeTh1YsFaaBktVMGuKRKUrB6HBp9sy
dN35d1fj2w14mUkuKFsWGLWFo5SnVVn8/IX1ZIPHYJoFvyO+0ZUqhGdF85czavPE
8VQ5qApeNDlbnFYkDHH+In+3FAmpdtt5fNyE48v44hDVGxQcAzPVa5nRrqXP5B0d
wONNR2Bnlrmg5vF9okTR
=ovpL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to