fuse-2.9.2-11.el7

エラータID: AXSA:2019-3674:01

Release date: 
Friday, February 15, 2019 - 16:29
Subject: 
fuse-2.9.2-11.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program.

Security Fix(es):

* fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-10906
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the 'allow_other'
mount option regardless of whether 'user_allow_other' is set in the
fuse configuration. An attacker may use this flaw to mount a FUSE file
system, accessible by other users, and trick them into accessing files
on that file system, possibly causing Denial of Service or other
unspecified effects.

Solution: 

Update packages.

CVEs: 
CVE-2018-10906
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Additional Info: 

N/A

Download: 

SRPMS
  1. fuse-2.9.2-11.el7.src.rpm
    MD5: 3b58ec844616a27f93bf5076a5924a46
    SHA-256: c9afaf7cdebafe077d9d27b99521e82c00fe5b95aaeae6416ae041d73160f9ec
    Size: 564.04 kB

Asianux Server 7 for x86_64
  1. fuse-2.9.2-11.el7.x86_64.rpm
    MD5: d5e8961cd632c3459421dc11bf209343
    SHA-256: 303dffe87713d4ab30744a344954cae89b492281975567bc50417f0ebbee7fd4
    Size: 84.67 kB
  2. fuse-devel-2.9.2-11.el7.x86_64.rpm
    MD5: 8fadd934afcc2403f6ccdca954f25e5f
    SHA-256: 7116531e743f9cfe8bcce9cb2be27994cabf144f100cd56e4a4e98d9ccac7ef3
    Size: 36.02 kB
  3. fuse-libs-2.9.2-11.el7.x86_64.rpm
    MD5: be3b4a13cd129091e095b646d27066e1
    SHA-256: ed88d507ab697133906da3a5d3c2eb5d7255436603712694d6af4a983b60adfa
    Size: 92.29 kB
  4. fuse-devel-2.9.2-11.el7.i686.rpm
    MD5: 342797f9c7b195b7795cf0080d7d7b28
    SHA-256: ec6fe8270f68b1c6c81e0ef20f8102bc1eba81b771c1554817c11b43aeb07503
    Size: 36.05 kB
  5. fuse-libs-2.9.2-11.el7.i686.rpm
    MD5: fd56a7769a045135dbfe3b26135414c5
    SHA-256: 9f74083408f219e60f7b3aa9a31b6b57ca046d1f8275bbfc153d6ef9785ad414
    Size: 96.67 kB