diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-16 16:06:33 +0200 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2015-10-26 21:43:08 +0100 |
commit | 6a591c93679a3c73aba232e3f52a46e7c0e03e6a (patch) | |
tree | b9be7c005ceb9e89bce4f955fbd5aec38ce9fb6a /meta-xfce | |
parent | dd407add556dcee973477c4544ff1e165f21310f (diff) | |
download | meta-openembedded-contrib-6a591c93679a3c73aba232e3f52a46e7c0e03e6a.tar.gz |
fuse: fix for CVE-2015-3202 Privilege Escalation
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-xfce')
0 files changed, 0 insertions, 0 deletions