Summary: | <sys-fs/fuse-{2.9.8,3.2.6}: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, base-system, bman, radhermit |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceforge.net/p/fuse/mailman/message/36374753/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-08-22 23:41:10 UTC
Upstream patch: https://github.com/libfuse/libfuse/pull/268 Last vulnerable 2.x ebuild was removed June 2019: commit 013f53985fa39e994910490ac88cb73d5f777695 Author: Tim Harder <radhermit@gentoo.org> Date: Sat Jun 15 23:06:23 2019 -0500 sys-fs/fuse: remove old Signed-off-by: Tim Harder <radhermit@gentoo.org> delete mode 100644 sys-fs/fuse/fuse-2.9.7.ebuild delete mode 100644 sys-fs/fuse/fuse-3.4.1.ebuild delete mode 100644 sys-fs/fuse/fuse-3.4.2.ebuild Last vulnerable 3.x ebuild was removed December 2018: commit 2a623ce4a5c3ba77551661069d1a64be98d3b457 Author: Tim Harder <radhermit@gentoo.org> Date: Tue Dec 11 22:06:46 2018 -0600 sys-fs/fuse: remove old Signed-off-by: Tim Harder <radhermit@gentoo.org> delete mode 100644 sys-fs/fuse/fuse-2.9.7-r1.ebuild delete mode 100644 sys-fs/fuse/fuse-3.2.1.ebuild delete mode 100644 sys-fs/fuse/fuse-3.2.2.ebuild delete mode 100644 sys-fs/fuse/fuse-3.2.3.ebuild GLSA vote: no. Closing. |