1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3823-1] eject security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Mar 28 17:50:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3823-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    March 28, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : eject
    CVE ID : CVE-2017-6964
    Debian Bug : 858872

    Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to
    check if a given device is an encrypted device handled by devmapper, and
    used in eject, does not check return values from setuid() and setgid()
    when dropping privileges.

    For the stable distribution (jessie), this problem has been fixed in
    version 2.1.5+deb1+cvs20081104-13.1+deb8u1.

    For the unstable distribution (sid), this problem has been fixed in
    version 2.1.5+deb1+cvs20081104-13.2.

    We recommend that you upgrade your eject packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljag9JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaLw//RIIkXZzMdggBTgZzDlY2fhypWAlmL6wbjY4QnEDAv26O0HnXl1MxdXls gTEM4QbcO6OqLizSGGhJBeDXBxnVhD2I3YrjjrdIbXNDvxppDDdskSYV94h4zcYk q+PDbPbcIxVRGzdpVxXGZR18ZlaHFqxa7akRAJ92C21BltwdEc2dY3TmZWGBzd6P gtTKDH8QR0di2+tAaQIRbQxDSIEApMJRA1k9Tjbag3SQf4S59BNb1p9SHly0w/CI 3wNxkNs0znP9C8QfBwV4vnGdM18s4gTiU9eIGJy0ePp7LHaRXbh/FtrZdEW8rGOl OZJtkN4+/QpesytJ+ceJV5i9xVV9ABa+ndqsUF7etjMEtAOlLleou9+vNsmIYzi+ j1bVZz89g/094/1Oi5OB/fxz7RiQ59PoLLj034z7UR6yNQUkYr4BwjCjE5Hv78Ex 00bHUrMvTaKZNWcOjS6P+iSzlTgA/qOfVxHfneS/rK4Kfj/nbDHrjJGAQESFZLSA alXWkDaqk6Z1iML+P0HIdGQqTXHdyLKczn1FDSffNBV/5Da5fIacOq/UgBMUsI5+ 8aRSqbEKL2mzj4+W51wo0Ta0JJEIP73k04B1z1kFarVPE+yafKrsgwVNUEV3paoJ zAiPEkevV6vsrK62bqOWiv8acuT3/4erxioBTs1+J0nqq4dkRkg=
    =XnjU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)