Debian Security Advisory 3266-1

Debian Security Advisory 3266-1: Posted May 21, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3266-1 - Tavis Ormandy discovered that FUSE, a Filesystem in Userspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.; tags | advisory, arbitrary, local; systems | linux, debian; advisories | CVE-2015-3202; SHA-256 | c9b513c810f42744dffe969ba1742503b406d74fc6d9acf60cf4363bf131a9d5; Download | Favorite | View

Debian Security Advisory 3266-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3266-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
May 21, 2015                           https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fuse
CVE ID         : CVE-2015-3202

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not
scrub the environment before executing mount or umount with elevated
privileges. A local user can take advantage of this flaw to overwrite
arbitrary files and gain elevated privileges by accessing debugging
features via the environment that would not normally be safe for
unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.9.0-2+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 2.9.3-15+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fuse packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVXhUoAAoJEAVMuPMTQ89E1VIQAJ0atrAmdzG2yiJdVEF+15HP
8YvdZbArbyay4mgQBxZCe8+x9V07gs0M2an9j7MwgCaicWOS7z0cea9AUotOEfhc
eWd4cuaGhozZUk8qKTVphj88wJvbYX4W7ha8ld3JnrsBq1fImTcRL2c8JBzdx8aD
FWDosY4uCVfIF+89/IbHuOJQ2KsZrq8s8cTXf7wtm8+GC69ZDWPBO+3zPHnzpa8e
Y7nU/UC5rt2d20OQvQasszCkD41vncYhsw4OvOV6iA9CvGgoo5f9fsyOp3euEZwC
O18sKvFRSMH98SKgBHaKu9qyXRhy4RG7GBuLghLKDaBvQuTLoHCgLLCtEY1ZLybg
OSWH7De+fagxuTE+xrsoa5RY/uhrKbi80RTXUUfbVcecwr2ycfs3q2WbYGxdu1kE
hi06prNbDPWNO+EHGq+CcHoEAqOU2FY/klc3+VwvmpNzetautZK8Qx9ZhL52zLK4
aSSaLAQkcj1nig8aKvf3U0qu00ymSjr7Wl2ZenupK+fExDYs/MBvO8nxVAM21TSS
sVv43MgeTesKGMHRVTjtLDc9bRmXrC7wPE17QPfPdZ8enhEn6t3oQ6oKII9pfTvI
deo+WE7aVzDC8tyUmqbNSt1MlHUxIIfcaPCAUV0ILc1BoM8KyUqEIgBcHQiB+FEL
PiSzqmlVrFkfTYzhwgSV
=H1uy
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3266-1

Debian Security Advisory 3266-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3266-1

Share This

Debian Security Advisory 3266-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems