MGASA-2012-0339
| Date: | November 23rd, 2012 |
| Affected releases: | 1 |
Description:
Updated fuse packages fix security vulnerabilities:
Multiple flaws were found in the way fusermount handled the mounting and
unmounting of directories when symbolic links were present. A local user
in the fuse group could use these flaws to unmount file systems, which
they would otherwise not be able to unmount and that were not mounted
using FUSE, via a symbolic link attack (CVE-2010-3879, CVE-2011-0541,
CVE-2011-0542, CVE-2011-0543).
Updated Packages:
fuse-2.8.5-1.1.mga1
lib(64)fuse2-2.8.5-1.1.mga1
lib(64)fuse-devel-2.8.5-1.1.mga1
lib(64)fuse-static-devel-2.8.5-1.1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543
https://rhn.redhat.com/errata/RHSA-2011-1083.html
https://bugs.mageia.org/show_bug.cgi?id=7063
