Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

Ubuntu 2617-1 Alert: Critical FUSE Overwrite Attack Advisory Released

ubuntu
Calendar Grey May 21, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
FUSE could be made to overwrite files as the administrator.

Summary

FUSE could be made to overwrite files as the administrator.

Software Description:

- fuse: Filesystem in Userspace

Details:

Tavis Ormandy discovered that FUSE incorrectly filtered environment

variables. A local attacker could use this issue to gain administrative

privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  fuse                            2.9.2-4ubuntu4.15.04.1

Ubuntu 14.10:
  fuse                            2.9.2-4ubuntu4.14.10.1

Ubuntu 14.04 LTS:
  fuse                            2.9.2-4ubuntu4.14.04.1

Ubuntu 12.04 LTS:
  fuse                            2.8.6-2ubuntu2.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2617-1

CVE-2015-3202

Severity
critical
Lowest
Low
Medium
High
Critical

May 21, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.