Re: [SECURITY] [DSA 3451-1] fuse security update

Thu, 21 Jan 2016 13:21:11 -0800 

Unsubscribe
On 21 Jan 2016 22:18, "Jason Wallace" <jason.wall...@wallacetech.com> wrote:

> unsubscribe
>
> Jason Wallace
>
> On Thu, Jan 21, 2016 at 12:30 PM, Yves-Alexis Perez <cor...@debian.org>
> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> -
>> -------------------------------------------------------------------------
>> Debian Security Advisory DSA-3451-1                   secur...@debian.org
>> https://www.debian.org/security/                        Yves-Alexis Perez
>> January 20, 2016                      https://www.debian.org/security/faq
>> -
>> -------------------------------------------------------------------------
>>
>> Package        : fuse
>> CVE ID         : CVE-2016-1233
>>
>> Jann Horn discovered a vulnerability in the fuse (Filesystem in
>> Userspace) package in Debian. The fuse package ships an udev rules
>> adjusting permissions on the related /dev/cuse character device, making
>> it world writable.
>>
>> This permits a local, unprivileged attacker to create an
>> arbitrarily-named character device in /dev and modify the memory of any
>> process that opens it and performs an ioctl on it.
>>
>> This in turn might allow a local, unprivileged attacker to escalate to
>> root privileges.
>>
>> For the oldstable distribution (wheezy), the fuse package is not affected.
>>
>> For the stable distribution (jessie), this problem has been fixed in
>> version 2.9.3-15+deb8u2.
>>
>> For the testing distribution (stretch), this problem has been fixed
>> in version 2.9.5-1.
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 2.9.5-1.
>>
>> We recommend that you upgrade your fuse packages.
>>
>> Further information about Debian Security Advisories, how to apply
>> these updates to your system and frequently asked questions can be
>> found at: https://www.debian.org/security/
>>
>> Mailing list: debian-security-annou...@lists.debian.org
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>
>> iQEcBAEBCgAGBQJWoT/VAAoJEG3bU/KmdcCluUoH/AjfCNv4FhljD2bfLGFWAeIi
>> T5frYjGUdUJH9e88t+onHDk37dwN3W00NjXIdU7viV442hFBzNUjn1FAgAfQGEgD
>> a5COswLK639PbpI/fUekx6mVVu7u3f4i5iq4YGSj6pyfQtHAcpw3XSNwEovBj/xn
>> P4ool1/VcYc0ywJ9RfGo5i8G+gSYoUmEWPUU17BTl7jFD/BukAZ9ddGC5D3Q/M+p
>> yMA/IIZPzSc4+SGcXekN8YFP442xBiLywaSw4sajhBfaZnxMm/wqh3rH91cXMSD9
>> ohVUrc0fXGFRWaczTg/lnCc+VwoHkwKRJHpY8qWPhh0ec8uP+X/qiQ4qpjB+Sq0=
>> =iB9s
>> -----END PGP SIGNATURE-----
>>
>>
>

Reply via email to