Dear all,
Please note that an security vulnerability has been found in S3QL. The
vulnerability allows an attacker with control over the communication
with the storage backend or the ability to manipulate the data stored in
the backend to trigger execution of arbitrary code by mount.s3ql.
I have just released S3QL 2.11 and S3QL 1.19 which include a fix for the
vulnerability. The necessary patch has also been applied to the s3ql
Debian packages in unstable, testing, and wheezy.
Other distributions have been notified via the openwall distros list on
Monday, Aug 25th, so they will hopefully ship updated packages soon as well.
This vulnerability has been assigned the CVE 2014-0485
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
--
You received this message because you are subscribed to the Google Groups
"s3ql" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
