Description
ELSA-2020-5773: fuse security update (IMPORTANT)
[2.9.4-1.0.7.el7]
- bump release number to 2.9.4-1.0.7 (Lans Hung)
- fix missing Patch1, Patch2, Patch3 declaration in spec file after using %setup -q
/usr/bin/cat /usr/src/redhat/SOURCES/fuse-0001-fix-int64_t-conflict-on-aarch64.patch | /usr/bin/patch -p1 -s
/usr/bin/cat /usr/src/redhat/SOURCES/fuse-0002-fusermount-refuse-unknown-options.patch | /usr/bin/patch -p1 -s
/usr/bin/cat /usr/src/redhat/SOURCES/fuse-0003-fusermount-don-t-feed-escaped-commas-into-mount-opti.patch | /usr/bin/patch -p1 -s
[2.9.4-1.0.6.el7]
- Reviewed-by: Laurence Rochfort laurence.rochfort@oracle.com (Lans Hung)
- add signed-off-by (Lans Hung)
- Security Update based on ELSA-2018-3324 fuse: bypass of the 'user_allow_other' restriction when SELinux is active. [OraBugzilla: 43547][CVE-2018-10906] (Lans Hung)
[2.9.4-1.0.5.el7]
- update to 2.9.4-1.0.5.el7 (lans.hung@oracle.com)
- update changelog in .spec file (lans.hung@oracle.com)
- move patch to buildrpm/ to fix build failure (lans.hung@oracle.com)
- Fix int64_t & uint64_t conflict issue on aarch64. This issue doesn't happen in x86_64 because its bits/sigcontext.h does not include asm/sigcontext.h, which it does on arm64, causing the __s64 definition conflict. This fix uses linux/types.h over manually defined int_t and uint_t in fuse_kernel.h. (Lans Hung) [Orabug: 27889694]
Updated packages
Oracle Linux 7
Oracle Linux x86_64
fuse
2.9.4-1.0.7.el7
fuse-devel
2.9.4-1.0.7.el7
fuse-libs
2.9.4-1.0.7.el7
Related CVEs
Related vulnerabilities
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.