What Are You Looking For?

Sign Up

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4257-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 28, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fuse
CVE ID         : CVE-2018-10906
Debian Bug     : 904439

Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the
bypass of the 'user_allow_other' restriction when SELinux is active
(including in permissive mode). A local user can take advantage of this
flaw in the fusermount utility to bypass the system configuration and
mount a FUSE filesystem with the 'allow_other' mount option.

For the stable distribution (stretch), this problem has been fixed in
version 2.9.7-1+deb9u1.

We recommend that you upgrade your fuse packages.

For the detailed security status of fuse please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/fuse

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4257-1: fuse security update

July 28, 2018
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode)

Summary

For the stable distribution (stretch), this problem has been fixed in
version 2.9.7-1+deb9u1.

We recommend that you upgrade your fuse packages.

For the detailed security status of fuse please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/fuse

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the
bypass of the 'user_allow_other' restriction when SELinux is active
(including in permissive mode). A local user can take advantage of this
flaw in the fusermount utility to bypass the system configuration and
mount a FUSE filesystem with the 'allow_other' mount option.

Related News

Pros And Cons Of Linux Programming

Oct 1, 2023

Hackers Hijack Linux Devices Using PRoot Isolated Filesystems

Dec 5, 2022

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo