fuse: fix for CVE-2015-3202 Privilegde Escalation - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Tudor Florea <tudor.florea@enea.com>	2015-07-16 15:42:38 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-07-16 15:43:54 +0200
commit	7c4a652284bf28e82db125adc771af48ae6a99a8 (patch)
tree	1fc575c60a2e5aa847ddd0680b353ea6d303ec1c /meta-webserver
parent	491e08d355107e0285d1345c5d1ed895cab524c4 (diff)
download	meta-openembedded-daisy-enea.tar.gz

fuse: fix for CVE-2015-3202 Privilegde Escalationdaisy-enea

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202 http://www.openwall.com/lists/oss-security/2015/05/21/9 Signed-off-by: Tudor Florea <tudor.florea@enea.com>

Diffstat (limited to 'meta-webserver')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: