
[ASA-201705-11] smb4k: privilege escalation
Arch Linux Security Advisory ASA-201705-11
==========================================

Severity: High
Date    : 2017-05-10
CVE-ID  : CVE-2017-8849
Package : smb4k
Type    : privilege escalation
Remote  : No
Link    :

Summary
=======

The package smb4k before version 2.0.0-2 is vulnerable to privilege escalation.

Resolution
==========

Upgrade to 2.0.0-2.

# pacman -Syu "smb4k>=2.0.0-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

Smb4k <= 2.0.0 contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid.

Impact
======

A local, unprivileged attacker can escalate privileges to become root on the affected host.

References
==========
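
The kind of verification the Description says was missing, as an added example: this is not smb4k's code and not the upstream fix. The function names and the allowlisted install paths are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed install paths for the CIFS mount program; set per distribution. */
static const char *const ALLOWED_MOUNT_COMMANDS[] = {
    "/usr/bin/mount.cifs",
    "/usr/sbin/mount.cifs",
    "/sbin/mount.cifs",
};

/*
 * Map the caller's request onto the helper's own constant. Returns the
 * allowlisted string to execute, or NULL. Exact comparison rejects relative
 * names, "../" components and any other binary.
 */
const char *resolve_mount_command(const char *requested)
{
    size_t n = sizeof ALLOWED_MOUNT_COMMANDS / sizeof ALLOWED_MOUNT_COMMANDS[0];
    if (requested == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (strcmp(requested, ALLOWED_MOUNT_COMMANDS[i]) == 0)
            return ALLOWED_MOUNT_COMMANDS[i];
    return NULL;
}

/* Second gate: the file must be a root-owned regular file that group and
 * others cannot write. Returns 1 if trusted, 0 otherwise. */
int binary_is_trusted(const char *path)
{
    struct stat st;
    if (path == NULL || stat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Combined decision a privileged helper would make before any exec call. */
const char *authorize_mount_command(const char *requested)
{
    const char *cmd = resolve_mount_command(requested);
    return (cmd != NULL && binary_is_trusted(cmd)) ? cmd : NULL;
}
```

The helper executes the returned constant rather than the caller-supplied string, so a request that is not on the list never reaches an exec call.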