Your message dated Wed, 21 Sep 2005 07:47:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#329063: fixed in util-linux 2.12p-8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Sep 2005 08:08:20 +0000
From [EMAIL PROTECTED] Mon Sep 19 01:08:20 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EHGhH-0003k9-00; Mon, 19 Sep 2005 01:08:19 -0700
Received: from localhost.localdomain (unknown [195.227.105.180])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Martin Pitt (workstation)", Issuer "piware CA" (verified OK))
        by box79162.elkhouse.de (Postfix) with ESMTP id CFDFA1F9CCA;
        Mon, 19 Sep 2005 10:07:38 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
        id DAE7A613; Mon, 19 Sep 2005 10:00:25 +0200 (CEST)
Date: Mon, 19 Sep 2005 10:00:25 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: Debian BTS Submit <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: mount: [CAN-2005-2876] umount -r privilege escalation
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02


--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: util-linux
Version: 2.12p-7
Severity: grave
Tags: security patch

Hi Lamont, Hi security team!

umount -r allows normal users to remove flags like "nosuid" or
"noexec" from user-mountable volumes, which could be exploited for
privilege escalation.

Details are at

  http://marc.theaimsgroup.com/?l=bugtraq&m=112656096125857&w=2

Ubuntu patch:

  http://patches.ubuntu.com/patches/util-linux.CAN-2005-2876.diff

CAN-2005-2876

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDLnAZDecnbV4Fd/IRAhkFAKCNltnohh+JEXT6S4MH34VNoPnVWwCfWgh7
mCEfHyhKUivqBX8Ul5jklKA=
=rwQ6
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--
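
Added example, not part of the original report or of util-linux: a small audit that compares the restrictive flags fstab implies for user-mountable entries with the options of the live mounts, so a volume that has lost "nosuid", "nodev" or "noexec" stands out. It relies on the mount(8) rule that "user"/"users" imply noexec,nosuid,nodev and "owner"/"group" imply nosuid,nodev; the sample tables and all function names are constructed for illustration, and only these options are modelled.

```python
# Flags implied by the fstab options that make a volume user-mountable (mount(8)).
IMPLIED = {
    "user": {"nosuid", "nodev", "noexec"},
    "users": {"nosuid", "nodev", "noexec"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
# Options that switch a restrictive flag back off when they appear later.
ENABLES = {"suid": "nosuid", "dev": "nodev", "exec": "noexec"}

def expected_flags(fstab_opts):
    """Restrictive flags an fstab option string implies; None if not user-mountable."""
    flags, user_mountable = set(), False
    for opt in fstab_opts.split(","):      # options apply left to right
        if opt in IMPLIED:
            user_mountable = True
            flags |= IMPLIED[opt]
        elif opt in ENABLES.values():
            flags.add(opt)
        elif opt in ENABLES:
            flags.discard(ENABLES[opt])
    return flags if user_mountable else None

def parse_table(text):
    """Yield (mountpoint, options) from fstab- or /proc/mounts-style text."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#"):
            yield fields[1], fields[3]

def audit(fstab_text, mounts_text):
    """Return [(mountpoint, [missing flags])] for live user-mountable volumes."""
    expected = {m: f for m, o in parse_table(fstab_text)
                if (f := expected_flags(o)) is not None}
    findings = []
    for mnt, opts in parse_table(mounts_text):
        missing = expected.get(mnt, set()) - set(opts.split(","))
        if missing:
            findings.append((mnt, sorted(missing)))
    return findings

# Constructed sample input (not taken from any real system).
SAMPLE_FSTAB = """# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/sda1  /              ext3    defaults             0 1
/dev/fd0   /media/floppy  vfat    user,noauto          0 0
/dev/cdrom /media/cdrom   iso9660 ro,user,exec,noauto  0 0
/dev/sdb1  /media/usb     vfat    owner,noauto         0 0
"""
SAMPLE_MOUNTS = """/dev/sda1 / ext3 rw 0 0
/dev/fd0 /media/floppy vfat ro 0 0
/dev/cdrom /media/cdrom iso9660 ro,nosuid,nodev 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev 0 0
"""
```

On a real system, pass the contents of /etc/fstab and /proc/mounts to audit(); an empty list means every mounted user-mountable volume still carries its implied flags.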

---------------------------------------
Received: (at 329063-close) by bugs.debian.org; 21 Sep 2005 14:48:38 +0000
From [EMAIL PROTECTED] Wed Sep 21 07:48:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EI5sI-0001dd-00; Wed, 21 Sep 2005 07:47:06 -0700
From: LaMont Jones <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#329063: fixed in util-linux 2.12p-8
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 21 Sep 2005 07:47:06 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: util-linux
Source-Version: 2.12p-8

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive:

bsdutils_2.12p-8_i386.deb
  to pool/main/u/util-linux/bsdutils_2.12p-8_i386.deb
fdisk-udeb_2.12p-8_i386.udeb
  to pool/main/u/util-linux/fdisk-udeb_2.12p-8_i386.udeb
mount_2.12p-8_i386.deb
  to pool/main/u/util-linux/mount_2.12p-8_i386.deb
util-linux-locales_2.12p-8_all.deb
  to pool/main/u/util-linux/util-linux-locales_2.12p-8_all.deb
util-linux_2.12p-8.diff.gz
  to pool/main/u/util-linux/util-linux_2.12p-8.diff.gz
util-linux_2.12p-8.dsc
  to pool/main/u/util-linux/util-linux_2.12p-8.dsc
util-linux_2.12p-8_i386.deb
  to pool/main/u/util-linux/util-linux_2.12p-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <[EMAIL PROTECTED]> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Sep 2005 08:36:17 -0600
Source: util-linux
Binary: util-linux fdisk-udeb util-linux-locales bsdutils mount
Architecture: all i386 source 
Version: 2.12p-8
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <[EMAIL PROTECTED]>
Changed-By: LaMont Jones <[EMAIL PROTECTED]>
Description: 
 bsdutils   - Basic utilities from 4.4BSD-Lite
 fdisk-udeb - Partition a hard drive (manual, cfdisk)
 mount      - Tools for mounting and manipulating filesystems
 util-linux - Miscellaneous system utilities
 util-linux-locales - Locales files for util-linux
Closes: 328141 329063
Changes: 
 util-linux (2.12p-8) unstable; urgency=high
 .
   * if /etc/adjtime is a dangling symlink, don't use it in hwclock*.sh
   * Applied patch by Max Vozeler to fix a local privilege escalation
     vulnerability in umount -r [debian/patches/51security_CAN-2005-2876.dpatch]
     Closes: #328141, #329063
Files: 
 05dc3e83e483b500a188941d4ec58ca0 700 base required util-linux_2.12p-8.dsc
 262121de89e4a4d5da64a9a3043978a9 66258 base required bsdutils_2.12p-8_i386.deb
 9ae6656ec71c88fd133b065491ab5079 76281 base required util-linux_2.12p-8.diff.gz
 a7c20de195c91631b873ee77745f66f2 140396 base required mount_2.12p-8_i386.deb
 d415a1a9db5caa576f2b674183aba292 369144 base required util-linux_2.12p-8_i386.deb
 f07516de7a286e0d396aa9dafa95fc3b 1072692 utils optional util-linux-locales_2.12p-8_all.deb
 f28485490ec5b6208c4850bdec4d2fc0 537254 debian-installer extra fdisk-udeb_2.12p-8_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDMXGRzN/kmwoKyScRAsj5AJ0dhwzeGrFvt4qByplpRYb8Sq1QiwCdEvAy
QDMHhcsAA129GQwDOx8gJBQ=
=M26d
-----END PGP SIGNATURE-----

