diff options
author | Tudor Florea <tudor.florea@enea.com> | 2015-07-16 16:06:33 +0200 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2015-07-19 17:05:16 -0700 |
commit | 7f1df52e9409edcc4d4cd5f34694f8740f56e1bf (patch) | |
tree | f1db7f826884869ba0e3505a7fcda0205dd01f30 /meta-multimedia/recipes-dvb | |
parent | e3dbf786b143a0d09a9a339aa5f1a66afb6cf90e (diff) | |
download | meta-openembedded-7f1df52e9409edcc4d4cd5f34694f8740f56e1bf.tar.gz |
fuse: fix for CVE-2015-3202 Privilege Escalation
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-multimedia/recipes-dvb')
0 files changed, 0 insertions, 0 deletions