Fehlerhafte Zugriffsrechte in mountall
ID: | USN-2411-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 14.10 |
Datum: | Mi, 19. November 2014, 07:34 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1421 |
Applikationen: | mountall |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4477334820762650397== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0w4TGK0SIxkAKwqX4IMpAv7otb0bmq3QC" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0w4TGK0SIxkAKwqX4IMpAv7otb0bmq3QC Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2411-1 November 18, 2014 mountall vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 Summary: mountall could mount certain filesystems with the wrong permissions. Software Description: - mountall: filesystem mounting tool Details: Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: mountall 2.54ubuntu0.14.10.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2411-1 CVE-2014-1421 Package Information: https://launchpad.net/ubuntu/+source/mountall/2.54ubuntu0.14.10.1 --0w4TGK0SIxkAKwqX4IMpAv7otb0bmq3QC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUa0GEAAoJEGVp2FWnRL6TQlgP/2anRGJAHOoV2p2NkwRs4CfY Fl8ZXEY/JSpCX5CXT4XEH7EfUK8ygPvDFH2HL0Eqh2PQvddXGw5gzIBfGBzjUyXo ObVePdG6U1ppu6jG1OlhgvxCu2NDA24egYJ5TH03OjkOMj0+42oO+8ZhNtTEKZK+ LqmeB9cEGVeNPuiYffd42WVaL/kJ4dh8KV9OrK+Zy1DZ+iEpQ56hUDsnCzX4j/cD 7Satqr0yF/1c2nWNVd7yCuaBrfQioIfXcrB0i0v/H3gKiERgAQxBh8Gwn7DM7Ees v7/MpwYtwwmhMvugFgftyR7KZ0WGqOaWrVoY2G2iuCSoyoSzkqXD/DuZh+rMUaTX NQFFQYlrxrOYDO62NSzvDBmaohzWVJRHUPmhs+M1ivXGcrLcx1ANjNzfGve2TssD 9WnszMVOPM22YDvJzoBD+RDf1SLnnT8nz2gPNIn2uGofRPyDigZAbpgr3nkFLhlH rpedccFWctLFbyKwWT6VmY6tHwxAOGuimdZdFnprf4dFc6VN8ECU/H7qa3uYWZE7 BT/ACsi6CP8VFSUwRyjRR7gLubKn7tDR4aN5yBt9X4OrP8Tk62hnIV1jYqtEVwUY 91w/kEOpVvzVnkRYgJXFgSjPWfkWbUg5ofJ3v9c97o8yiELX+KLYszB/SjoUzrqU zs1Ty0iY5+Tbfimu9bUT =VXb7 -----END PGP SIGNATURE----- --0w4TGK0SIxkAKwqX4IMpAv7otb0bmq3QC-- --===============4477334820762650397== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============4477334820762650397==-- |