94917 – sys-fs/fuse: Exposure of Sensitive Information

Bug 94917 - sys-fs/fuse: Exposure of Sensitive Information

Summary: sys-fs/fuse: Exposure of Sensitive Information

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/15561/
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-06-03 06:30 UTC by Adir Abraham
Modified:	2005-06-09 10:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adir Abraham 2005-06-03 06:30:48 UTC

From Secunia: 

Description:
A security issue has been reported in FUSE, which potentially can be exploited
by malicious, local users to disclose sensitive information.

The problem is that certain memory content is not correctly cleared before being
returned to users and may contain sensitive information.

Solution:
Update to version 2.3.0.
http://sourceforge.net/project/showfiles.php?group_id=121684

Reproducible: Always
Steps to Reproduce:

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-06-03 08:10:11 UTC

Stefan, please bump ?

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-06-08 06:41:09 UTC

ppc, please test and mark stable

Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-06-08 10:33:31 UTC

Stable on ppc.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2005-06-08 11:31:38 UTC

GLSA vote --> I vote NO

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-06-08 13:30:26 UTC

I tend to vote NO as well.

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2005-06-09 10:33:35 UTC

Closing...
Anyone wanting to vote YES please reopen