Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 16 articles for you...
172
security advisorydenial of servicecriticalUbuntu 16.04 ESM: USN-5326-1 Critical: FUSE Restriction Bypass
FUSE is susceptible to a restriction bypass flaw.. =========================================================================Ubuntu Security Notice USN-5326-1 March 16, 2022 fuse vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: FUSE is susceptible to a restriction bypass flaw. Software Description: - fuse: Filesystem in Userspace Details: It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to other users and trick them into accessing files on that file system, which could result in a Denial of Service or other unspecified conditions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: fuse 2.9.4-1ubuntu3.1+esm1 libfuse2 2.9.4-1ubuntu3.1+esm1 In general, a standard system update will make all the necessary changes. References: CVE-2018-10906 . The Ubuntu Security Announcement USN-5326-1 details a vulnerability in the FUSE restriction bypass, providing essential update directives for impacted versions.. FUSE Vulnerability, Ubuntu Security Update, Bypass Flaw, SELinux Issues. . Severity: Critical. LinuxSecurity.com Team
Mar 16, 2022
•Critical
Ubuntu
89
security advisoryupdateFedoraFedora 30: FEDORA-2019-ac2a21ff07 Critical Bug Fix in Fuse
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ac2a21ff07 2019-04-17 16:04:32.355044 --------------------------------------------------------------------------------Name : fuse Product : Fedora 30 Version : 2.9.9 Release : 3.fc30 URL : https://github.com/libfuse/libfuse Summary : File System in Userspace (FUSE) v2 utilities Description : With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE v2 userspace tools to mount a FUSE filesystem. --------------------------------------------------------------------------------Update Information: This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). This includes gnome-initial-setup, which was affected by this problem, resulting in a [release-blocking bug](https://bugzilla.redhat.com/show_bug.cgi?id=1699099) that prevented it running correctly with SELinux in enforcing mode. --------------------------------------------------------------------------------References: [ 1 ] Bug #1699099 - gnome-initial-setup 3.32.0+ crashes due to SELinuxdenials (because it has execstack flag set, because meson 0.50.0 sets it when it shouldn't) https://bugzilla.redhat.com/show_bug.cgi?id=1699099 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ac2a21ff07' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 17, 2019
•Critical
Fedora
89
security advisorymoderateFedoraFedora 30: FEDORA-2019-dd00364b71 Moderate: Fuse Security Fix
Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-dd00364b71 2019-03-31 00:01:31.775656 --------------------------------------------------------------------------------Name : fuse Product : Fedora 30 Version : 2.9.9 Release : 1.fc30 URL : https://github.com/libfuse/libfuse Summary : File System in Userspace (FUSE) v2 utilities Description : With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE v2 userspace tools to mount a FUSE filesystem. --------------------------------------------------------------------------------Update Information: Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page. --------------------------------------------------------------------------------References: [ 1 ] Bug #1691997 - fusermount is missing is man page https://bugzilla.redhat.com/show_bug.cgi?id=1691997 [ 2 ] Bug #1607854 - CVE-2018-10906 fuse: bypass of the "user_allow_other" restriction when SELinux is active [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1607854 [ 3 ] Bug #1600307 - fuse-3.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1600307 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-dd00364b71' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 30, 2019
Fedora
200
security advisorymoderatesecurity fixScientific Linux 7: SLSA-2018:3324-1 Moderate: Fuse SELinux Bypass Fix
fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) SL7 x86_64 fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm - Scientific Linux Deve [More...]. Synopsis: Moderate: fuse security update Advisory ID: SLSA-2018:3324-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2018-10906 -- Security Fix(es): * fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) -- SL7 x86_64 fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm - Scientific Linux Development Team . The revised patch for the fuse system tackles issues related to user access evasion during the operation of SELinux, reinforcing overall system integrity.. SELinux Security, Fuse Update, Linux Advisory, Scientific Linux, Security Patch. . LinuxSecurity.com Team
Nov 26, 2018
Scientific Linux
98
security advisorymoderatesecurity fixRed Hat Enterprise Linux 7 RHSA-2018:3324-01 Moderate: Fuse Fix Bypass
An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: fuse security update Advisory ID: RHSA-2018:3324-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3324 Issue date: 2018-10-30 CVE Names: CVE-2018-10906 ==================================================================== 1. Summary: An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x 3. Description: The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Security Fix(es): * fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) For more details about the security issue(s), including the impact, a CVSS score, and other relatedinformation, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1602996 - CVE-2018-10906 fuse: bypass of the "user_allow_other" restriction when SELinux is active 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: fuse-2.9.2-11.el7.src.rpm x86_64: fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: fuse-2.9.2-11.el7.src.rpm x86_64: fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: fuse-2.9.2-11.el7.src.rpm ppc64: fuse-2.9.2-11.el7.ppc64.rpm fuse-debuginfo-2.9.2-11.el7.ppc.rpm fuse-debuginfo-2.9.2-11.el7.ppc64.rpm fuse-devel-2.9.2-11.el7.ppc.rpm fuse-devel-2.9.2-11.el7.ppc64.rpm fuse-libs-2.9.2-11.el7.ppc.rpm fuse-libs-2.9.2-11.el7.ppc64.rpm ppc64le: fuse-2.9.2-11.el7.ppc64le.rpm fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm fuse-devel-2.9.2-11.el7.ppc64le.rpm fuse-libs-2.9.2-11.el7.ppc64le.rpm s390x: fuse-2.9.2-11.el7.s390x.rpm fuse-debuginfo-2.9.2-11.el7.s390.rpm fuse-debuginfo-2.9.2-11.el7.s390x.rpm fuse-devel-2.9.2-11.el7.s390.rpm fuse-devel-2.9.2-11.el7.s390x.rpm fuse-libs-2.9.2-11.el7.s390.rpm fuse-libs-2.9.2-11.el7.s390x.rpm x86_64: fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: fuse-2.9.2-11.el7.src.rpm aarch64: fuse-2.9.2-11.el7.aarch64.rpm fuse-debuginfo-2.9.2-11.el7.aarch64.rpm fuse-devel-2.9.2-11.el7.aarch64.rpm fuse-libs-2.9.2-11.el7.aarch64.rpm ppc64le: fuse-2.9.2-11.el7.ppc64le.rpm fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm fuse-devel-2.9.2-11.el7.ppc64le.rpm fuse-libs-2.9.2-11.el7.ppc64le.rpm s390x: fuse-2.9.2-11.el7.s390x.rpm fuse-debuginfo-2.9.2-11.el7.s390.rpm fuse-debuginfo-2.9.2-11.el7.s390x.rpm fuse-devel-2.9.2-11.el7.s390.rpm fuse-devel-2.9.2-11.el7.s390x.rpm fuse-libs-2.9.2-11.el7.s390.rpm fuse-libs-2.9.2-11.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: fuse-2.9.2-11.el7.src.rpm x86_64: fuse-2.9.2-11.el7.x86_64.rpm fuse-debuginfo-2.9.2-11.el7.i686.rpm fuse-debuginfo-2.9.2-11.el7.x86_64.rpm fuse-devel-2.9.2-11.el7.i686.rpm fuse-devel-2.9.2-11.el7.x86_64.rpm fuse-libs-2.9.2-11.el7.i686.rpm fuse-libs-2.9.2-11.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-10906 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW9gRwNzjgjWX9erEAQiDOg/8C4ggZ2DsAH5MSZwMWgfekCY2C5xs9X+5 MlITNuAdkI8rjhP4LVkL53UpE3Q5YqerIFwD1tv+HYyNkVNEeZqiu8KCx8D0/MxR RMcg34jDP9MZGm43epFpxRSxI8s4QsovZQ4+GLNGJBIR6l3VpReyU6hoS/aGCZfU Ah0CMbnDyEcptUGTtPQu/4wPemWtKB7r5DEPnyTVwfX8jst63yJ3zj/Jk0mtQLW5 2GqUeVpoxRjVmIf1Th9fVVp/dq7xspoumUEIQw4Vrf3CPo7xw9VWgjb/cickpN3I VFX4xs25cJ5cvjaW+HuB53bk4uiVtv9Jpc2fGNmwskkXIiO4c/JJXU194nGfdqyC WIKsw1xyvrsI3+n6lTThJydH8i33RI4ap5hFY3lrSUUpQ65r7jg9LlD5mRXeD3U6 lgyDJ4u4HBcTDoniNdkkwg/HMaod6xyCT5z0swc/baGk/OTXvlviIR+ntBi+5JCB qf+Lblv/3MdWSlwTF8HcCSErZaZI2/FiTNc6K6hj7EDK+zFNrgRvH9XQV0wO/n19 TERBkyJ4rzBJ+hcA8UQA7ltcX6ynx5stfJC+46mFw0iRD3EVacI81Nsur93oIntl Bjzr3SHaCv91zgze448Mr+JejtLdRhJHv7PUhe2YMffxpAFcwlAbUoZovJZ7Z41d aDbPZkBXMrU=D3Tu -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 30, 2018
Red Hat
202
security advisorymoderateDenial of ServiceopenSUSE Leap 15.0: 2018:3325-1 Moderate: FUSE Restriction Bypass
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3325-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-1228=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): fuse-2.9.7-lp150.2.3.1 fuse-debuginfo-2.9.7-lp150.2.3.1 fuse-debugsource-2.9.7-lp150.2.3.1 fuse-devel-2.9.7-lp150.2.3.1 fuse-devel-static-2.9.7-lp150.2.3.1 fuse-doc-2.9.7-lp150.2.3.1 libfuse2-2.9.7-lp150.2.3.1 libfuse2-debuginfo-2.9.7-lp150.2.3.1 libulockmgr1-2.9.7-lp150.2.3.1 libulockmgr1-debuginfo-2.9.7-lp150.2.3.1 - openSUSE Leap 15.0 (x86_64): libfuse2-32bit-2.9.7-lp150.2.3.1 libfuse2-32bit-debuginfo-2.9.7-lp150.2.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 -- . openSUSE Security Update: Security update for fuse Announcement ID: openSUSE-SU-2018:3325-1 Rating: . update, security, fixes, vulnerability, opensuse. . LinuxSecurity.com Team
Oct 23, 2018
OpenSUSE
202
security advisorymoderatesecurity updateopenSUSE: 2018:3326-1 Moderate: Fuse SELinux Restriction Bypass
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3326-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1225=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): fuse-2.9.3-12.3.2 fuse-debuginfo-2.9.3-12.3.2 fuse-debugsource-2.9.3-12.3.2 fuse-devel-2.9.3-12.3.2 fuse-devel-static-2.9.3-12.3.2 libfuse2-2.9.3-12.3.2 libfuse2-debuginfo-2.9.3-12.3.2 libulockmgr1-2.9.3-12.3.2 libulockmgr1-debuginfo-2.9.3-12.3.2 - openSUSE Leap 42.3 (x86_64): libfuse2-32bit-2.9.3-12.3.2 libfuse2-debuginfo-32bit-2.9.3-12.3.2 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 -- . Critical patch for openSUSE addresses SELinux privilege escalation in fuse, enhancing overall system integrity and protection.. openSUSE Security Update,Fuse Update,SELinux Bypass. . LinuxSecurity.com Team
Oct 23, 2018
OpenSUSE
100
security advisorymoderatedenial of serviceSUSE: 2018:3260-1 Moderate: Risk of Fuse SELinux Bypass Found
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for fuse ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:3260-1 Rating: moderate References: #1101797 Cross-References: CVE-2018-10906 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2340=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): fuse-2.9.7-3.3.1 fuse-debuginfo-2.9.7-3.3.1 fuse-debugsource-2.9.7-3.3.1 fuse-devel-2.9.7-3.3.1 fuse-doc-2.9.7-3.3.1 libfuse2-2.9.7-3.3.1 libfuse2-debuginfo-2.9.7-3.3.1 libulockmgr1-2.9.7-3.3.1 libulockmgr1-debuginfo-2.9.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2018-10906.html https://bugzilla.suse.com/1101797 _______________________________________________ sle-security-updatesmailing list
Oct 19, 2018
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!