fuse: fix for CVE-2015-3202 Privilege Escalation - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Tudor Florea <tudor.florea@enea.com>	2015-07-16 16:06:33 +0200
committer	Armin Kuster <akuster808@gmail.com>	2015-07-19 17:05:16 -0700
commit	7f1df52e9409edcc4d4cd5f34694f8740f56e1bf (patch)
tree	f1db7f826884869ba0e3505a7fcda0205dd01f30 /meta-python/recipes-devtools/python/python-numeric
parent	e3dbf786b143a0d09a9a339aa5f1a66afb6cf90e (diff)
download	meta-openembedded-7f1df52e9409edcc4d4cd5f34694f8740f56e1bf.tar.gz

fuse: fix for CVE-2015-3202 Privilege Escalation

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202 http://www.openwall.com/lists/oss-security/2015/05/21/9 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: