Описание
Security update for fuse
This update for fuse fixes the following issues:
- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
fuse-2.9.7-lp150.2.3.1
fuse-devel-2.9.7-lp150.2.3.1
fuse-devel-static-2.9.7-lp150.2.3.1
fuse-doc-2.9.7-lp150.2.3.1
libfuse2-2.9.7-lp150.2.3.1
libfuse2-32bit-2.9.7-lp150.2.3.1
libulockmgr1-2.9.7-lp150.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3325-1
- SUSE Security Ratings
Описание
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Затронутые продукты
openSUSE Leap 15.0:fuse-2.9.7-lp150.2.3.1
openSUSE Leap 15.0:fuse-devel-2.9.7-lp150.2.3.1
openSUSE Leap 15.0:fuse-devel-static-2.9.7-lp150.2.3.1
openSUSE Leap 15.0:fuse-doc-2.9.7-lp150.2.3.1
Ссылки
- CVE-2018-10906
- SUSE Bug 1101797
- SUSE Bug 1127346
- SUSE Bug 1127350