Re: [SECURITY] [DSA 3451-1] fuse security update

Thu, 21 Jan 2016 13:18:23 -0800 

unsubscribe

Jason Wallace

On Thu, Jan 21, 2016 at 12:30 PM, Yves-Alexis Perez <cor...@debian.org>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3451-1                   secur...@debian.org
> https://www.debian.org/security/                        Yves-Alexis Perez
> January 20, 2016                      https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : fuse
> CVE ID         : CVE-2016-1233
>
> Jann Horn discovered a vulnerability in the fuse (Filesystem in
> Userspace) package in Debian. The fuse package ships an udev rules
> adjusting permissions on the related /dev/cuse character device, making
> it world writable.
>
> This permits a local, unprivileged attacker to create an
> arbitrarily-named character device in /dev and modify the memory of any
> process that opens it and performs an ioctl on it.
>
> This in turn might allow a local, unprivileged attacker to escalate to
> root privileges.
>
> For the oldstable distribution (wheezy), the fuse package is not affected.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 2.9.3-15+deb8u2.
>
> For the testing distribution (stretch), this problem has been fixed
> in version 2.9.5-1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.9.5-1.
>
> We recommend that you upgrade your fuse packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCgAGBQJWoT/VAAoJEG3bU/KmdcCluUoH/AjfCNv4FhljD2bfLGFWAeIi
> T5frYjGUdUJH9e88t+onHDk37dwN3W00NjXIdU7viV442hFBzNUjn1FAgAfQGEgD
> a5COswLK639PbpI/fUekx6mVVu7u3f4i5iq4YGSj6pyfQtHAcpw3XSNwEovBj/xn
> P4ool1/VcYc0ywJ9RfGo5i8G+gSYoUmEWPUU17BTl7jFD/BukAZ9ddGC5D3Q/M+p
> yMA/IIZPzSc4+SGcXekN8YFP442xBiLywaSw4sajhBfaZnxMm/wqh3rH91cXMSD9
> ohVUrc0fXGFRWaczTg/lnCc+VwoHkwKRJHpY8qWPhh0ec8uP+X/qiQ4qpjB+Sq0=
> =iB9s
> -----END PGP SIGNATURE-----
>
>

Reply via email to