-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3450-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ecryptfs-utils CVE ID : CVE-2016-1572 Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges. For the oldstable distribution (wheezy), this problem has been fixed in version 99-1+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 103-5+deb8u1. We recommend that you upgrade your ecryptfs-utils packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWn6/mAAoJEAVMuPMTQ89EV4sQAIVM6CfIxSMuwdGbHZZ8Qa9O sm20+i0NTNAq9xnCS0F4js9YblgqdtWE8NUII/+fQtN9wfRT+TU7kxnTfnWFiiDt qOsGZE5hquOVAtlRRwcjCUlzyyv5T96cPdg8I7tsCS6S1eZUq2NdEkxl09XBA8m4 SXSJRX4ZGwkt7Aon5ohQGiLREmSf1NgWXyfYakQ1oD30J3CbL2I+mBgfcZ98s4cu 7Y0w3kTXMnaDyuzf/v2XuGm8bfJNCmt1yu86ZVnNUREvQ5ANXsyyAX+ra6I0nkMD 8LzqFuq5riabw0ouOsZ5yLo2YmKe+594MF4n1a59C04ysbk+mNop9PIxWCmGsOPK 2YyUbCyqJLg9h0uw8AMCKEPZnKKi/wJXR5AcW4lKgloT87NYOVUB9KI6G4a4JbDf 8yt2AOchzvvwKs1daPaj9OCH6PzVYqSKiAbL6AGpUQkl26QYXiMB07wVXID+xLY4 rGHqeW2PGYDrHuwj9M6GdWQq+y5/JkgXXJQk7dlGdajF7/cmpMYiMPrJ1/9crGxP BxUJsSqYF1GORbr1fTEQDfiaeuzPc6WNu2YPjzWTNAdfmAxvhpMZNans8yXPXN0G fJ/MrBpRcHOLYlKlLKby7M8r7c9+r2FbkgA8rsage4qYga0uE1UqQZ7+kSruRvGY XFYNo3wxy0eK+RmqthLx =VFgC -----END PGP SIGNATURE-----
