Debian-LTS alert DLA-815-1 (ntfs-3g)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 815-1] ntfs-3g security update | |
| Date: | Thu, 2 Feb 2017 18:39:12 +0100 | |
| Message-ID: | <653e3f9a-44d7-f0e2-23eb-fe3cb9bd174c@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ntfs-3g Version : 1:2012.1.15AR.5-2.1+deb7u3 CVE ID : CVE-2017-0358 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. For Debian 7 "Wheezy", these problems have been fixed in version 1:2012.1.15AR.5-2.1+deb7u3. We recommend that you upgrade your ntfs-3g packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAliTbrkACgkQnUbEiOQ2 gwI4KhAAnCZ7TKpQtYa+vR7+sEe0kTTjeRLtW91f+qO/E52MMKW4qdONNFXr5p4U ox8zMECyqHIsszQNYTaSyRKLiwiwRg9GL6A89YPqIQcNESHkj3p0jqdJc1073Tdv JLa9NK8gAaOsAHIDVEsJN++UPds1F0PtGZA7Ynts9it74QemKaQz3jzpzUS9eMUK LTqwgqaLPpBJdDb9cwMzmRbb1tuszOTONtmOdgiD0NEw5tRy/7+Vrn6OfHRidEPN TrHA+SwnTtKHUYPIM4fesOZY7LJ8PGxhjfZy9tL/AOnFDkXEUMsX5KVOC2uvuhmD 5QZbAz/IdDrp7ahwuNdRwAKxiyJ5+5ngRFklpd9odAKkaFGpAnbKU0aixLD7Y9sG jBAhRsGXdIKPIRt5IriC/bhI2SVQAEWGSjUS2h7MSdWO7NQljH1Ow5X47aQUIPzw B1P3j26vDkMoAhkRCkwWEg8zaSjA+xykJbhClcgPjE1Tx0o0d9wlFpGGorYt3ACz zD1cXneHYAG/BxydoPxn07ccv/PPBCRmgjBLlel4YeuUoVPULFuP58xXuk8Da0o7 EMmMVyKnlOoNZotga6T96hvZAhWXZ9GjhUSj6u5vDI6Ndldh8TuDfWUtpTXkVdb3 Ucf8FSmgYDrgB4XgyaISP1e8kSnPjc+rEHQmOobfF+YYHS+56Go= =lckG -----END PGP SIGNATURE-----