openSUSE-SU-2018:3696-1

Опубликовано: 09 нояб. 2018

Источник: suse-cvrf

Описание

Security update for ntfs-3g_ntfsprogs

This update for ntfs-3g_ntfsprogs fixes the following issues:

CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

libntfs-3g-devel-2013.1.13-7.3.1

libntfs-3g84-2013.1.13-7.3.1

ntfs-3g-2013.1.13-7.3.1

ntfs-3g_ntfsprogs-2013.1.13-7.3.1

ntfsprogs-2013.1.13-7.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00008.html
E-Mail link for openSUSE-SU-2018:3696-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Затронутые продукты

openSUSE Leap 42.3:libntfs-3g-devel-2013.1.13-7.3.1

openSUSE Leap 42.3:libntfs-3g84-2013.1.13-7.3.1

openSUSE Leap 42.3:ntfs-3g-2013.1.13-7.3.1

openSUSE Leap 42.3:ntfs-3g_ntfsprogs-2013.1.13-7.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-0358.html
CVE-2017-0358
https://bugzilla.suse.com/1022500
SUSE Bug 1022500
https://bugzilla.suse.com/1022999
SUSE Bug 1022999
https://bugzilla.suse.com/1086936
SUSE Bug 1086936

openSUSE-SU-2018:3696-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-0358

Описание

Затронутые продукты

Ссылки