fuse: fix for CVE-2015-3202 Privilege Escalation - meta-openembedded-contrib - OpenEmbedded layers collection contribution trees

diff options

author	Tudor Florea <tudor.florea@enea.com>	2015-07-16 16:06:33 +0200
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-07-30 21:03:26 +0200
commit	96a4d9ad7b0150133340105f7ca84243398b11a9 (patch)
tree	d9fe4a175114b471716cee563468dfcb722ad77b /meta-oe/recipes-kernel/crash/crash-7.0.9/config-site.crash-7.0.9
parent	81d8056d4b9bddd002e05c893af70ec58df2ee21 (diff)
download	meta-openembedded-contrib-96a4d9ad7b0150133340105f7ca84243398b11a9.tar.gz

fuse: fix for CVE-2015-3202 Privilege Escalation

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202 http://www.openwall.com/lists/oss-security/2015/05/21/9 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-oe/recipes-kernel/crash/crash-7.0.9/config-site.crash-7.0.9')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: