Mageia alert MGASA-2012-0339 (fuse) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0339: fuse-2.8.5-1.1.mga1 (1/core) 
Date:
    	       Fri, 23 Nov 2012 21:29:08 +0100
Message-ID:
    	       <20121123202908.GA26031@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0339
Date: 	November 23rd, 2012
Affected releases: 	1


Description:
Updated fuse packages fix security vulnerabilities:

Multiple flaws were found in the way fusermount handled the mounting and
unmounting of directories when symbolic links were present. A local user
in the fuse group could use these flaws to unmount file systems, which
they would otherwise not be able to unmount and that were not mounted
using FUSE, via a symbolic link attack (CVE-2010-3879, CVE-2011-0541,
CVE-2011-0542, CVE-2011-0543).


Updated Packages:
fuse-2.8.5-1.1.mga1
lib(64)fuse2-2.8.5-1.1.mga1
lib(64)fuse-devel-2.8.5-1.1.mga1
lib(64)fuse-static-devel-2.8.5-1.1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543
https://rhn.redhat.com/errata/RHSA-2011-1083.html
https://bugs.mageia.org/show_bug.cgi?id=7063
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)