bug fixed I think. M $s doing there work Am 22.05.2015 07:57 schrieb "Salvatore Bonaccorso" <[email protected]>:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3268-1 [email protected] > http://www.debian.org/security/ Salvatore Bonaccorso > May 22, 2015 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : ntfs-3g > CVE ID : CVE-2015-3202 > Debian Bug : 786475 > > Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for > FUSE, does not scrub the environment before executing mount or umount > with elevated privileges. A local user can take advantage of this flaw > to overwrite arbitrary files and gain elevated privileges by accessing > debugging features via the environment that would not normally be safe > for unprivileged users. > > For the oldstable distribution (wheezy), this problem has been fixed in > version 1:2012.1.15AR.5-2.1+deb7u1. Note that this issue does not affect > the binary packages distributed in Debian in wheezy as ntfs-3g does not > use the embedded fuse-lite library. > > For the stable distribution (jessie), this problem has been fixed in > version 1:2014.2.15AR.2-1+deb8u1. > > For the testing distribution (stretch) and the unstable distribution > (sid), this problem will be fixed soon. > > We recommend that you upgrade your ntfs-3g packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJVXsUFAAoJEAVMuPMTQ89ELlcP/12Phc4j16CqtmPV7Iul4OY6 > 6krswF326lQgdYTgO84LzLcOJRZ27PDeD67qd04NZHoO0UQ9qiYvTaCh+kvfh6Gs > JHAAeO9tncYt3ZQix5I8GylZcZeq125055QSPC1iG9Ej1fzsKY+2ex4XTJuwHlp7 > DTnBUX0bUverah5LJV7MWB8TVVvrVM7aGMLZ7zT+Fusr4waKZoyegw40oRB1hP4X > xbeXqw4W6kORSZdMuHMKV1ENtivsm8Ehpf61HmjFfrFWJmIEjSEqyNMrpx5YGm+P > 3flkr78I6pxMZk40ZV79oEufh1WAmNF99KbCO6oKYbiOjuy93dS69GgQtTvFeSXc > pwJKtLKoa5oHrpl01DSG7mIbnbz7n9NsSqEzl8a0uMeqO083UIj9FqpuFihOnd66 > hlsrPejYEhtr/ryAmqoFEztIbe+z8WkIVf/otTr/pfp748voTmHic9R2PvIKkC3h > az2fuLi4LWsFPK0QcaZVn7w2w6IUbaRsuYNJk8WCCqYR3p34WvO4iNt03uzdlhS9 > WSRMsyB7WXRhKBFIlUZjsubtaq1yCw7CrcBW7UZ7AgngqNL7bI/Coq2gIySTg9RI > Fkbmrq0uJxNiLy00nlKCSZntNLFkuT+DMxE+q0PbmdBelZ1Wx+LfRXqzjYmcsoLN > +3fJQKVAQMq9N3zvQRsP > =Gdav > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: https://lists.debian.org/[email protected] > >
