Date: Tue, 24 Jul 2018 12:27:56 +0100
From: Nikolaus Rath <nikolaus@...h.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option
 when SELinux is active

Hi,

I've just released updated versions of libfuse 2.x and libfuse 3.x that fix CVE-2018-10906.

Jann Horn discovered that it is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active. fusermount is a (typically setuid) helper for mounting FUSE file systems.

Best,
-Nikolaus

-- 
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«
