Max Vozeler wrote:
> Hi security team,
>
> the loop-aes-utils package in sarge is affected by CAN-2005-2876
> (#328626). I've prepared a stable-security upload of 2.12p-4sarge1
> with a fix backported from 2.12r-pre1:
>
> http://people.debian.org/~xam/security/loop-aes-utils/
>
> This bug will be fixed in unstable with 2.12p-9 (pending upload).
Thanks a lot.
> Note that this update will not be effective until mount is also
> fixed. The /bin/umount binary from 'mount' is diverted to
> /bin/umount.orig and remains setuid root, so an attacker could
> just use that binary instead of the one from loop-aes-utils.
Yes, a fix for the original mount is pending already.
Regards,
Joey
--
Those who don't understand Unix are condemned to reinvent it, poorly.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
