About Ubuntu

=========================================================== Ubuntu Security Notice USN-184-1 September 19, 2005 util-linux vulnerability CAN-2005-2876 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: mount The problem can be corrected by upgrading the affected package to version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: David Watson discovered that "umount -r" removed some restrictive mount options like the "nosuid" flag. If /etc/fstab contains user-mountable removable devices which specify the "nosuid" flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling "umount -r" on a removable device. This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.