[ubuntu/vivid-proposed] mountall 2.54ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Nov 18 12:41:13 UTC 2014
mountall (2.54ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: insecure mount permissions (LP: #1390183)
- The mount utility now honours process umask when mounting certain
filesystems, resulting in them being potentially mounted with
inappropriate permissions.
- src/mountall.c: don't specifically set umask when running as a
daemon, inherit the umask Upstart sets instead.
- CVE-2014-1421
Date: Thu, 13 Nov 2014 13:11:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/mountall/2.54ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 13 Nov 2014 13:11:38 -0500
Source: mountall
Binary: mountall
Architecture: source
Version: 2.54ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
mountall - filesystem mounting tool
Launchpad-Bugs-Fixed: 1390183
Changes:
mountall (2.54ubuntu1) vivid; urgency=medium
.
* SECURITY UPDATE: insecure mount permissions (LP: #1390183)
- The mount utility now honours process umask when mounting certain
filesystems, resulting in them being potentially mounted with
inappropriate permissions.
- src/mountall.c: don't specifically set umask when running as a
daemon, inherit the umask Upstart sets instead.
- CVE-2014-1421
Checksums-Sha1:
634a0542c9af72aad5b95f954cd01d384cb50c0b 1832 mountall_2.54ubuntu1.dsc
3800d82a1bc9e0947740dd2a219572249fd5b941 645449 mountall_2.54ubuntu1.tar.gz
Checksums-Sha256:
ba47eb3be7abf1024e7d2ec3e07d4adab24cd2686c3293a81d04862000f23d1b 1832 mountall_2.54ubuntu1.dsc
2fd31abbe691921212926c035b6dfd6ab85a87f8488e55118b2209ebe190ee5a 645449 mountall_2.54ubuntu1.tar.gz
Files:
8ea2892bf2466ae52473a96b001fc780 1832 admin required mountall_2.54ubuntu1.dsc
208edf5a22b62806a9b43571bc1e6a9b 645449 admin required mountall_2.54ubuntu1.tar.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUaz4aAAoJEGVp2FWnRL6T3d0P/3OyVPLLcToJv86726p2hIet
VlYfvkicqulwbL4nI9YSMj/ROrDrZJc744eYbT0yJb3RbGwT8eIuhUUydXC7CTM+
/2ixCitNN/FZAVZqlarHz8FP7+ZzDudfpl5kjclBl5weuizqIomSDgpOFkT1m/cA
84+bxWFqePxGuhb3jMIlOpSfP7Vjh9DTSPPyODFKB1NSbHvMrUy8cYqaRnqG/GW3
+HYeXmmBS75/3xy59jXPy7A95o5b8bI7ofCqF5LdXmEuuSVT7qjeRhTPJAnw/pzp
tPrWnyOKiU2e0gmcop3V0SZbiy60WxNBcWDIEps//bVZV9UD3Iw+rX5kd9LFckeB
VKEglncbskuxb0tu/O28O1aAQ/FrdhylA6RZXl2EYYPyPL5wSjFIE1O9//r69PL5
hG9S+dwqhUKkIlHlFgSDpTvm+CuMB8TIDGJ1mG9NXiFNJHhyhsIsQGqp5jDVCNpr
vVBJNpnduAM6A4TeAH9MVOgX7H+nh5B/IYTO9VKmep9uqCeXUBgiE0BsViyQu6KY
Xwi+7cqn0W12IPXCuiLhiy7ZABgGqW3FxkAOiKkSlqb8fLwvGdLlY5acJycaqVzQ
JquUAD1MupMHit3VJo8uGO4l25LQAYPsp4Go976E64es+FwCzZGlFI+pBSb9Jhyo
7TNpAOoOMEXbx4/At/nW
=KfLa
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list