Your message dated Wed, 27 May 2015 07:32:25 +0000 with message-id <e1yxvpb-0000uq...@franck.debian.org> and subject line Bug#786475: fixed in ntfs-3g 1:2012.1.15AR.5-2.1+deb7u2 has caused the Debian Bug report #786475, regarding ntfs-3g: CVE-2015-3202 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 786475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786475 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ntfs-3g Version: 1:2013.1.13AR.3-2 Severity: grave Tags: security patch upstream Justification: user security hole Hi Laszlo ntfs-3g in jessie and above is similarly affected by CVE-2015-3202 since ntfs-3g since 1:2013.1.13AR.3-2 builds with internal fuse copy. The patch I have used to prepare the updates for jessie is attached. ntfs-3g though should try to use the system fuse and not the embedded copy, could you check to switch this back? Regards, SalvatoreDescription: Fix CVE-2015-3202 Missing scrubbing of the environment before executing a mount or umount of a filesystem. Origin: backport Author: Miklos Szeredi <mik...@szeredi.hu> Last-Update: 2015-05-19 --- lib/mount_util.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) --- a/libfuse-lite/mount_util.c +++ b/libfuse-lite/mount_util.c @@ -66,6 +66,7 @@ int fuse_mnt_add_mount(const char *progn return -1; } if (res == 0) { + char *env = NULL; char templ[] = "/tmp/fusermountXXXXXX"; char *tmp; @@ -87,8 +88,8 @@ int fuse_mnt_add_mount(const char *progn exit(1); } rmdir(tmp); - execl("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts, - fsname, mnt, NULL); + execle("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts, + fsname, mnt, NULL, &env); fprintf(stderr, "%s: failed to execute /sbin/mount: %s\n", progname, strerror(errno)); exit(1); @@ -120,9 +121,16 @@ int fuse_mnt_umount(const char *progname return -1; } if (res == 0) { + char *env = NULL; + setuid(geteuid()); - execl("/sbin/umount", "/sbin/umount", !lazy ? "-f" : NULL, mnt, - NULL); + if (!lazy) { + execle("/sbin/umount", "/sbin/umount", "-f", mnt, + NULL, &env); + } else { + execle("/sbin/umount", "/sbin/umount", mnt, + NULL, &env); + } fprintf(stderr, "%s: failed to execute /sbin/umount: %s\n", progname, strerror(errno)); exit(1); @@ -302,6 +310,7 @@ int fuse_mnt_add_mount(const char *progn return 0; } if (res == 0) { + char *env = NULL; char templ[] = "/tmp/fusermountXXXXXX"; char *tmp; @@ -325,8 +334,8 @@ int fuse_mnt_add_mount(const char *progn exit(1); } rmdir(tmp); - execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts, - fsname, mnt, NULL); + execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts, + fsname, mnt, NULL, &env); fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname, strerror(errno)); exit(1);
--- End Message ---
--- Begin Message ---Source: ntfs-3g Source-Version: 1:2012.1.15AR.5-2.1+deb7u2 We believe that the bug you reported is fixed in the latest version of ntfs-3g, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 786...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ntfs-3g package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 26 May 2015 20:46:20 +0200 Source: ntfs-3g Binary: ntfs-3g ntfs-3g-dbg ntfs-3g-dev ntfs-3g-udeb ntfsprogs Architecture: source amd64 all Version: 1:2012.1.15AR.5-2.1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Daniel Baumann <daniel.baum...@progress-technologies.net> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: ntfs-3g - read/write NTFS driver for FUSE ntfs-3g-dbg - read/write NTFS driver for FUSE (debug) ntfs-3g-dev - read/write NTFS driver for FUSE (development) ntfs-3g-udeb - read/write NTFS driver for FUSE (udeb) ntfsprogs - read/write NTFS driver for FUSE (transitional package) Closes: 786475 Changes: ntfs-3g (1:2012.1.15AR.5-2.1+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Update CVE-2015-3202.patch patch. CVE-2015-3202: Missing scrubbing of the environment before executing a mount or umount of a filesystem. The previous fix for CVE-2015-3202 was incomplete and missed the replacement of one execl call with execle. (Closes: #786475) Checksums-Sha1: 25646d26b3f609279570ce6885edb94074b0e70d 2137 ntfs-3g_2012.1.15AR.5-2.1+deb7u2.dsc f5fc51bf368884ec64c4ec41a9b63353187aa6c6 29193 ntfs-3g_2012.1.15AR.5-2.1+deb7u2.debian.tar.gz 063e945b5ccd8dc5e6917771700ed0b87aa2759d 630128 ntfs-3g_2012.1.15AR.5-2.1+deb7u2_amd64.deb f101e0576c68e5ce9c0a4fa129aca38753386266 1402922 ntfs-3g-dbg_2012.1.15AR.5-2.1+deb7u2_amd64.deb 2f6cfdc4b07028d72a1b00c189c16fce97de782a 253302 ntfs-3g-dev_2012.1.15AR.5-2.1+deb7u2_amd64.deb 4f5bd2b0bf3a406f6e2da019a0d5499380a45f46 179148 ntfs-3g-udeb_2012.1.15AR.5-2.1+deb7u2_amd64.udeb c65ab6a1a9995a8553a9820f290c79d432c50dd0 17654 ntfsprogs_2012.1.15AR.5-2.1+deb7u2_all.deb Checksums-Sha256: 8f22406961e518e130d9ed07c3267b5beed2a9981b7a4ad7f35d55ddb338640a 2137 ntfs-3g_2012.1.15AR.5-2.1+deb7u2.dsc 74787793721fb909ffcca3a6b51d78d68123cbf01534533fd3201cdaa6c7bc64 29193 ntfs-3g_2012.1.15AR.5-2.1+deb7u2.debian.tar.gz 2880c9888769b47d8f00ff77fe54315712f29ab97bf079a6a3bd66792a7c4688 630128 ntfs-3g_2012.1.15AR.5-2.1+deb7u2_amd64.deb 18ad650f43d10532f5d46b40902461676d06e26452af48e4205a6c0c4a644086 1402922 ntfs-3g-dbg_2012.1.15AR.5-2.1+deb7u2_amd64.deb 695cc441c1b4532a5f55107494291375d042de535266f8ff771c644c88eff443 253302 ntfs-3g-dev_2012.1.15AR.5-2.1+deb7u2_amd64.deb a5b6f4dc162fb5544e4460ce6390cff0e4c34a9dd345c4502cde6fd69a236c56 179148 ntfs-3g-udeb_2012.1.15AR.5-2.1+deb7u2_amd64.udeb 0ccb6f733599474753bfbaf47c182c9405914086391b31a5a0277412b06675c7 17654 ntfsprogs_2012.1.15AR.5-2.1+deb7u2_all.deb Files: 2f8c0a108d8d97eba2548e4c6912e7d4 2137 otherosfs optional ntfs-3g_2012.1.15AR.5-2.1+deb7u2.dsc 0441bb6965d2222d7c60740cc11e9cd3 29193 otherosfs optional ntfs-3g_2012.1.15AR.5-2.1+deb7u2.debian.tar.gz df4ff2a39a2a19a886a4b3c61c57eaf5 630128 otherosfs optional ntfs-3g_2012.1.15AR.5-2.1+deb7u2_amd64.deb 064c350c959ebcc374df0c29689bd9f7 1402922 debug extra ntfs-3g-dbg_2012.1.15AR.5-2.1+deb7u2_amd64.deb 219c5eca85b9e6d03c35b119211d7101 253302 libdevel optional ntfs-3g-dev_2012.1.15AR.5-2.1+deb7u2_amd64.deb 23a0746023ccc4dc0bc398f3ff3ffc95 179148 debian-installer optional ntfs-3g-udeb_2012.1.15AR.5-2.1+deb7u2_amd64.udeb 9a03e9bc0c05b1956a2a6f3511aebbc2 17654 metapackages optional ntfsprogs_2012.1.15AR.5-2.1+deb7u2_all.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVZMBMAAoJEAVMuPMTQ89ES4oP/20gwxma2zYEFdpFGv4AqLcV 5ugowiCHFPr6y9q73CatT0Wh5PYkr1idrlF7pE0MKXyt6kKvrUC+6P7lBlmDQTbx /yRsE1NbiOL40dPtlPcPdZnePji0wa4CwbrBTN1TmXHNk7Vtx9r7D1iPRky9a7F1 utfjcb9bj2Tcbb4RYWaDWAkmKhLbE13YZD4PgfPdtbOGKfwJE8Fw6Fr8bvbYga3p ibOf9OgcbvlDRM3PlI5627qJbr0nGZI8ohZE/jAXX+lqk9VsxBGt+qh0g161bZ+7 WlRUwWDJvGCSESZwg3qf1zjxhzqD/AxzeSs2PN7CR6YNY4SOf7RgysRFKYLnCZGk 4H54PcLFIO8Kkaud6fcRBNbGI7B5PBYRz9D7UX4aanwqYVKHO6N7mzqHpGTZwbcw ON9DnkO1x07Ly7zg7/uxzLDVtSmjZfPhZCfCwUA1tPjCARx7vMKiOnL7UzMoRdwg dVxoJe5nmSoowJ9II9Lp97C2ClvIH61UjMc+yNcRUO0IN5Bj7ipC8njekZC9bzBk q9ctzKkuRQikLka+qh46y/OkC4YMxSJttUgNTuGXVADrCKC8dtdwIV29ThvyTJ1h Irg0jrSz6NWNcAFyxZH//OwsZYBDqvk34H2xpG2qAM5X5I9QJttbHuBRmXFdN1Em o2CFbZ6+r4MdAQX4ff1+ =apN7 -----END PGP SIGNATURE-----
--- End Message ---
