mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Tudor Florea
6a591c9367
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202 http://www.openwall.com/lists/oss-security/2015/05/21/9 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>