Описание
Security update for FUSE
This update for FUSE fixes the following security issue:
* CVE-2015-3202: FUSE did not clear the environment upon execution of
external programs.
Security Issues:
* CVE-2015-3202
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202>
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
fuse-2.8.7-0.11.1
libfuse2-2.8.7-0.11.1
SUSE Linux Enterprise Server 11 SP3
fuse-2.8.7-0.11.1
libfuse2-2.8.7-0.11.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
fuse-2.8.7-0.11.1
libfuse2-2.8.7-0.11.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
fuse-2.8.7-0.11.1
libfuse2-2.8.7-0.11.1
SUSE Linux Enterprise Software Development Kit 11 SP3
fuse-devel-2.8.7-0.11.1
Ссылки
- Link for SUSE-SU-2015:1024-1
- E-Mail link for SUSE-SU-2015:1024-1
- SUSE Security Ratings
- SUSE Bug 931452
- SUSE CVE CVE-2015-3202 page
Описание
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:fuse-2.8.7-0.11.1
SUSE Linux Enterprise Desktop 11 SP3:libfuse2-2.8.7-0.11.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:fuse-2.8.7-0.11.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libfuse2-2.8.7-0.11.1
Ссылки
- CVE-2015-3202
- SUSE Bug 931452