Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Debian: New afuse packages fix privilege escalation

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Debian: New afuse packages fix privilege escalation
# 1  
Old 07-16-2008
Debian: New afuse packages fix privilege escalation
LinuxSecurity.com: Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

module::cpants::kwalitee::distros

Module::CPANTS::Kwalitee::Distros(3pm)			User Contributed Perl Documentation		    Module::CPANTS::Kwalitee::Distros(3pm)

NAME

       Module::CPANTS::Kwalitee::Distros - Information retrieved from the various Linux and other distributions

SYNOPSIS

       The metrics here are based on data provided by the various downstream packaging systems.

DESCRIPTION

   Methods
       order

       Defines the order in which Kwalitee tests should be run.

       analyse

       kwalitee_indicators

       Returns the Kwalitee Indicators datastructure.

       o   distributed_by_debian

	   True if the module (package) is repackaged by the Debian-Perl team and you can install it using the package management system of
	   Debian.

       o   latest_version_distributed_by_debian

	   True if the latest version of the module (package) is repackaged by Debian

       o   has_no_bugs_reported_in_debian

	   True for if the module is distributed by Debian and no bugs were reported.

       o   has_no_patches_in_debian

	   True for if the module is distributed by Debian and no patches applied.

Caveats
       CPAN_dist, the name of CPAN distribution is inferred from the download location, for Debian packages. It works 99% of the time, but it is
       not completely reliable.  If it fails to detect something, it will spit out the known download location.

       CPAN_vers, the version number reported by Debian is inferred from the debian version.  This fails a lot, since Debian has a mechanism for
       "unmangling" upstream versions which is non-reversible. We have to use that many times to fix versioning problems, and those packages will
       show a different version (e.g. 1.080 vs 1.80)

       The first problem is something the Debian people like to solve by adding metadata to the packages, for many other useful stuff (like
       automatic upstream bug tracking and handling). About the second... well, it's a difficult one.

       CPANTS does not yet handle the second issue.

LINKS

       Basic homepage: http://packages.debian.org/src:$pkgname

       Detalied homepage: http://packages.qa.debian.org/$pkgname

       Bugs report: http://bugs.debian.org/src:$pkgname

       Public SVN repository: http://svn.debian.org/wsvn/pkg-perl/trunk/$pkg

       From that last URL, you might be interested in the debian/ and debian/patches subdirectories.

SEE ALSO

       Module::CPANTS::Analyse

AUTHOR

       Thomas Klausner <https://metacpan.org/author/domm> and Gabor Szabo <https://metacpan.org/author/szabgab> with the help of Martin Ferrari
       and the Debian Perl packaging team <http://pkg-perl.alioth.debian.org/>.

COPYRIGHT AND LICENSE

       Copyright X 2003X2009 Thomas Klausner <https://metacpan.org/author/domm>

       Copyright X 2006X2008 Gabor Szabo <https://metacpan.org/author/szabgab>

       You may use and distribute this module according to the same terms that Perl is distributed under.

perl v5.14.2							    2012-06-08				    Module::CPANTS::Kwalitee::Distros(3pm)