Описание
Security update for fuse
This update fixes a vulnerability in fuse that did not clear the environment upon execution of external programs. CVE-2015-3202 has been assigned to this issue
Список пакетов
SUSE Linux Enterprise Desktop 12
fuse-2.9.3-5.1
libfuse2-2.9.3-5.1
SUSE Linux Enterprise Server 12
fuse-2.9.3-5.1
libfuse2-2.9.3-5.1
SUSE Linux Enterprise Server for SAP Applications 12
fuse-2.9.3-5.1
libfuse2-2.9.3-5.1
SUSE Linux Enterprise Software Development Kit 12
fuse-devel-2.9.3-5.1
fuse-devel-static-2.9.3-5.1
libulockmgr1-2.9.3-5.1
Ссылки
- Link for SUSE-SU-2015:1053-1
- E-Mail link for SUSE-SU-2015:1053-1
- SUSE Security Ratings
- SUSE Bug 931452
- SUSE CVE CVE-2015-3202 page
Описание
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:fuse-2.9.3-5.1
SUSE Linux Enterprise Desktop 12:libfuse2-2.9.3-5.1
SUSE Linux Enterprise Server 12:fuse-2.9.3-5.1
SUSE Linux Enterprise Server 12:libfuse2-2.9.3-5.1
Ссылки
- CVE-2015-3202
- SUSE Bug 931452