Dear all,
I am pleased to announce a new maintenance release of S3QL, version 1.19.
Please note that this is only a maintenance release. Development of S3QL
takes place in the 2.x series. The 1.x releases receive only selected
bugfixes and are only maintained for older systems that do not support
Python 3.3. For systems with Python 3.3 support, using the most recent
S3QL 2.x version is strongly recommended.
From the changelog:
2014-08-25, S3QL 1.19

  * SECURITY UPDATE. Fixed a remote code execution vulnerability.

    For non-encrypted file systems, an attacker with control over the
    communication with the storage backend or the ability to
    manipulate the data stored in the backend was able to trigger
    execution of arbitrary code by mount.s3ql.

    Encrypted file systems were protected against this if the attacker
    did not know the file system passphrase. Mounting an encrypted
    file system prepared by an attacker (which is possible if the
    attacker shares the file system passphrase) thus allowed the
    attacker to execute arbitrary code even when using encryption.
Please report any bugs on the mailing list ([email protected]) or
the issue tracker (https://bitbucket.org/nikratio/s3ql/issues).
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«