[Nix-commits] [NixOS/nixpkgs] 723a56: ntfs3g: patch for CVE-2017-0358

Graham Christensen Wed, 08 Feb 2017 19:13:16 -0800

  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 723a5632e1244de13f9f31936346e6057f5435fc
      
https://github.com/NixOS/nixpkgs/commit/723a5632e1244de13f9f31936346e6057f5435fc
  Author: Graham Christensen <[email protected]>
  Date:   2017-02-08 (Wed, 08 Feb 2017)


  Changed paths:
    M pkgs/tools/filesystems/ntfs-3g/default.nix

  Log Message:
  -----------
  ntfs3g: patch for CVE-2017-0358

>From the Debian advisory:

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write
NTFS driver for FUSE, does not scrub the environment before executing
modprobe with elevated privileges. A local user can take advantage of
this flaw for local root privilege escalation.

(cherry picked from commit 19f23d00fd91c68911c8bf8e7d8dc0e19a3faaaa)

_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] 723a56: ntfs3g: patch for CVE-2017-0358

Reply via email to