2 Commits

Author SHA1 Message Date
Tudor Florea 7f1df52e94 fuse: fix for CVE-2015-3202 Privilege Escalation
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-07-19 17:05:16 -07:00
Hongxu Jia 5972198b0f fuse: move to meta-filesystems and upgrade
- Move fuse from meta-oe to meta-filesystems
- Upgrade fuse to 2.9.3

[YOCTO #4178]

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2013-08-16 12:58:31 +02:00