ALT-PU-2019-4176-1

Package fuse updated to version 2.9.9-alt1 for branch sisyphus in task 225075.

Уязвимость модуля fusermount драйвера файловых систем для UNIX-подобных операционных систем FUSE, позволяющая нарушителю вызвать отказ в обслуживании или другое неопределенное поведение

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2018-10906

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8)Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package fuse update in sisyphus on 2019-03-15

ALT-PU-2019-4176-1

Closed vulnerabilities

BDU:2019-00421

CVE-2018-10906