-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3266-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso May 21, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : fuse CVE ID : CVE-2015-3202 Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users. For the oldstable distribution (wheezy), this problem has been fixed in version 2.9.0-2+deb7u2. For the stable distribution (jessie), this problem has been fixed in version 2.9.3-15+deb8u1. For the testing distribution (stretch) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your fuse packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVXhUoAAoJEAVMuPMTQ89E1VIQAJ0atrAmdzG2yiJdVEF+15HP 8YvdZbArbyay4mgQBxZCe8+x9V07gs0M2an9j7MwgCaicWOS7z0cea9AUotOEfhc eWd4cuaGhozZUk8qKTVphj88wJvbYX4W7ha8ld3JnrsBq1fImTcRL2c8JBzdx8aD FWDosY4uCVfIF+89/IbHuOJQ2KsZrq8s8cTXf7wtm8+GC69ZDWPBO+3zPHnzpa8e Y7nU/UC5rt2d20OQvQasszCkD41vncYhsw4OvOV6iA9CvGgoo5f9fsyOp3euEZwC O18sKvFRSMH98SKgBHaKu9qyXRhy4RG7GBuLghLKDaBvQuTLoHCgLLCtEY1ZLybg OSWH7De+fagxuTE+xrsoa5RY/uhrKbi80RTXUUfbVcecwr2ycfs3q2WbYGxdu1kE hi06prNbDPWNO+EHGq+CcHoEAqOU2FY/klc3+VwvmpNzetautZK8Qx9ZhL52zLK4 aSSaLAQkcj1nig8aKvf3U0qu00ymSjr7Wl2ZenupK+fExDYs/MBvO8nxVAM21TSS sVv43MgeTesKGMHRVTjtLDc9bRmXrC7wPE17QPfPdZ8enhEn6t3oQ6oKII9pfTvI deo+WE7aVzDC8tyUmqbNSt1MlHUxIIfcaPCAUV0ILc1BoM8KyUqEIgBcHQiB+FEL PiSzqmlVrFkfTYzhwgSV =H1uy -----END PGP SIGNATURE-----