drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in util-linux
Name: |
Ausführen von Code mit höheren Privilegien in util-linux |
|
ID: |
DSA-4134-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
So, 11. März 2018, 00:13 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738 |
|
Applikationen: |
util-linux |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4134-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 10, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : util-linux CVE ID : CVE-2018-7738 Debian Bug : 892179
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.
For the stable distribution (stretch), this problem has been fixed in version 2.29.2-1+deb9u1.
We recommend that you upgrade your util-linux packages.
For the detailed security status of util-linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/util-linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqkUlhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SBvw//Y+r6WIIllVv5g4A4Oi+2x0jsJ4zlFek1Qbsx0RTXdWTKd7si3GjNnEN3 brn0Ml7GVgPY096nId0lwXQ4DhIVxy22KD9UU3UJSfJ4raK5P/auwSe+Xv9zzYAp NuArtByKca08wInZTxTT2ZkpGcc4mlC+L66ZKtTfQ0SsaPpZLs3tRc2KHjRhxtbM WGkNFfxLsAzp4p1UEQrYL9Zo02ka4GerSQrmbVfPZ44Ku99ZrRwsz458Wk4PjOSR DB8z7txkO16xX4iF7Er+eq1OaKEeVXUu1a3pCXdglWWWQAlegP9f+dPUVuviDJWV XEoCAK0BNtrtitMiV1a1FjvLp0ABfJmqa+26GYUvWGj2YCRd6lee7MgWfb+Hc+6G NxcDNDEIdPN5G94oOh29R3dJ6bST+Boi0eYd7Znuj4sIiU7nhbgYVUTd4dGR1WWM EAsKO4xrHQ5ucmhrb+F28E2N/c81FDeHzgdnOJnwKlCYW2dN2PIW65o6pENE6sQU aqo+SmdplPQFOha9BAprfKiZ+VIBOVL741RB6wr0i7gnIBH5eCp00XB4Q4l7dLzu Yg8jWPHPUVJ9m7caJwAj54EnfiKnjvboLVjETbdH99VI0SuaylxE4uzhPhZIob6I oess20eJQ1EhkjuVQ3cEg6coLeaYPgLIxDsYI8/1YrQpk8KYAbE= =ne8E -----END PGP SIGNATURE-----
|
|
|
|