USN-2411-1: mountall vulnerability

18 November 2014

mountall vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10

Summary

mountall could mount certain filesystems with the wrong permissions.

Software Description

  • mountall - filesystem mounting tool

Details

Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
mountall - 2.54ubuntu0.14.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References