exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3268-2

Debian Security Advisory 3268-2
Posted May 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3268-2 - The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was incomplete. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2015-3202
SHA-256 | b7c69f8cfa29936d006258e0fcdb514c6417d0b4c458b336646174bb2c202b63

Debian Security Advisory 3268-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3268-2 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 26, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ntfs-3g
CVE ID : CVE-2015-3202
Debian Bug : 786475

The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was
incomplete. This update corrects that problem. For reference the
original advisory text follows.

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed in
version 1:2012.1.15AR.5-2.1+deb7u2. Note that this issue does not affect
the binary packages distributed in Debian in wheezy as ntfs-3g does not
use the embedded fuse-lite library.

For the stable distribution (jessie), this problem has been fixed in
version 1:2014.2.15AR.2-1+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 1:2014.2.15AR.3-3.

We recommend that you upgrade your ntfs-3g packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVZM0HAAoJEAVMuPMTQ89EJggP/0zWLrGHeQuWaOanEo/zBdKq
R6Er4/Apz1tlduUYz7whFuZTM4jZYjo9G15laoZefB+4ntzmSiCZMp+9KuPf8oN5
90rOU6/Pw91e8BxEiTIQ+V9QLAwdu84NMuuNFxBnqSWg55q/FzBbup0pnz/rJupi
XvJkcSeEmx9rPOhHET/xMMu1jCDD+L/j14+ekcfyBx/Gvw8HxYiHHFMSoOvDIG17
1nU3BOu7CjOrvu4rsUpEYVUYIOSjq86SToZcBb8MJ2yPhNh+hqr76qx14REpPV2t
CYUCGb2nU0Vwix/IGsKzYUZJeFVjdNuNNWP0qxP2sF0EZWihYBCPYJstfdgbFAM5
XrYTS9O7MwMNn3D5Ac2Z0IPFr4/jq2JhzVSJ16/8ZOo6DY6xCjFy/ysErCkD+Qu6
DMNKvmT+Q3h3T+eEEKSpfcZFXT3peg0obATvsTGONn2so4OYGk0NT4V9Mybq+D3L
qbdB0DDsbjmG3csHchYeoPIy7wYuw2JChkViZAcolXtn4ClQdOhZxqDGRzYDrLcc
YnoWP4hvac9EFUs7NHZ+fYXUGCgc8F5oTqZ2DmPiMXg8f0tWBDWMnznumhc5skip
l9IqI4kmU+Ik7KsbHOaRpItgnup88Mpw5FxgWDxOQEUET6jtEwhZohRN4rMbyWep
iUKNmJ4HnoBJVgX3810+
=O+Kf
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close