|
|
>> Debian Security Update Fixes Fuse Information Disclosure Issue
|
Title : Debian Security Update Fixes Fuse Information Disclosure Issue
VUPEN ID : VUPEN/ADV-2005-1019
CVE ID : CVE-2005-1858
CWE ID : CWE-
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-07-11
|
Debian has released a security patch to correct a vulnerability in Fuse. The problem is that Fuse does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
Affected Products
Debian GNU/Linux stable (sarge)
Debian GNU/Linux unstable (sid)
Solution
Debian GNU/Linux unstable (sid) - Upgrade to version 2.3.0-1
Debian GNU/Linux stable (sarge) - Upgrade to version 2.2.1-4sarge2
References
http://www.vupen.com/english/advisories/2005/1019
http://www.debian.org/security/2005/dsa-744
ChangeLog
2005-07-11 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
