meta-openembedded

mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00

History

Tudor Florea 7f1df52e94 fuse: fix for CVE-2015-3202 Privilege Escalation fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202 http://www.openwall.com/lists/oss-security/2015/05/21/9 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2015-07-19 17:05:16 -07:00
..
fuse	fuse: fix for CVE-2015-3202 Privilege Escalation	2015-07-19 17:05:16 -07:00
physfs	meta-filesystems: use BPN in SRC_URI	2014-07-15 14:56:55 +02:00

Tudor Florea 7f1df52e94 fuse: fix for CVE-2015-3202 Privilege Escalation

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2015-07-19 17:05:16 -07:00

fuse

fuse: fix for CVE-2015-3202 Privilege Escalation

2015-07-19 17:05:16 -07:00

physfs

meta-filesystems: use BPN in SRC_URI

2014-07-15 14:56:55 +02:00