Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4134-1] util-linux security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4134-1] util-linux security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4134-1] util-linux security update
  • Date: Sat, 10 Mar 2018 21:53:26 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1eumQg-0007Gw-QH AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 10 Mar 2018 21:53:45 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <9S0hoJGe0kL.A.dfB.pPFpaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4134-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 10, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : util-linux
CVE ID : CVE-2018-7738
Debian Bug : 892179

Bjorn Bosselmann discovered that the umount bash completion from
util-linux does not properly handle embedded shell commands in a
mountpoint name. An attacker with rights to mount filesystems can take
advantage of this flaw for privilege escalation if a user (in particular
root) is tricked into using the umount completion while a specially
crafted mount is present.

For the stable distribution (stretch), this problem has been fixed in
version 2.29.2-1+deb9u1.

We recommend that you upgrade your util-linux packages.

For the detailed security status of util-linux please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/util-linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqkUlhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SBvw//Y+r6WIIllVv5g4A4Oi+2x0jsJ4zlFek1Qbsx0RTXdWTKd7si3GjNnEN3
brn0Ml7GVgPY096nId0lwXQ4DhIVxy22KD9UU3UJSfJ4raK5P/auwSe+Xv9zzYAp
NuArtByKca08wInZTxTT2ZkpGcc4mlC+L66ZKtTfQ0SsaPpZLs3tRc2KHjRhxtbM
WGkNFfxLsAzp4p1UEQrYL9Zo02ka4GerSQrmbVfPZ44Ku99ZrRwsz458Wk4PjOSR
DB8z7txkO16xX4iF7Er+eq1OaKEeVXUu1a3pCXdglWWWQAlegP9f+dPUVuviDJWV
XEoCAK0BNtrtitMiV1a1FjvLp0ABfJmqa+26GYUvWGj2YCRd6lee7MgWfb+Hc+6G
NxcDNDEIdPN5G94oOh29R3dJ6bST+Boi0eYd7Znuj4sIiU7nhbgYVUTd4dGR1WWM
EAsKO4xrHQ5ucmhrb+F28E2N/c81FDeHzgdnOJnwKlCYW2dN2PIW65o6pENE6sQU
aqo+SmdplPQFOha9BAprfKiZ+VIBOVL741RB6wr0i7gnIBH5eCp00XB4Q4l7dLzu
Yg8jWPHPUVJ9m7caJwAj54EnfiKnjvboLVjETbdH99VI0SuaylxE4uzhPhZIob6I
oess20eJQ1EhkjuVQ3cEg6coLeaYPgLIxDsYI8/1YrQpk8KYAbE=
=ne8E
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4134-1] util-linux security update, Salvatore Bonaccorso, 10.03.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang