Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem. For the stable distribution (etch), this problem has been fixed in version 0.1.1-1+etch1. For the unstable distribution (sid), this problem has been fixed in version 0.2-3. We recommend that you upgrade your afuse (0.1.1-1+etch1) package.
Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem.
For the stable distribution (etch), this problem has been fixed in version 0.1.1-1+etch4.
For the unstable distribution (sid), this problem has been fixed in version 0.2-3.
We recommend that you upgrade your afuse (0.1.1-1+etch4) package.
MD5 checksums of the listed files are available in the original advisory.