oss-sec mailing list archives
CVE request: fuse
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 01 Feb 2011 23:12:22 -0500
Hello, A few more fixes have made their way to FUSE to prevent TOCTTOU symlink attacks. An unprivileged user was able to unmount arbitrary mounts: http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873 http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 Could we please get one or more CVE numbers for them? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Current thread:
- CVE request: fuse Marc Deslauriers (Feb 01)
- Re: CVE request: fuse Josh Bressers (Feb 03)
- Re: CVE request: fuse Marc Deslauriers (Feb 03)
- Re: CVE request: fuse Josh Bressers (Feb 08)
- Re: CVE request: fuse Marc Deslauriers (Feb 03)
- Re: CVE request: fuse Josh Bressers (Feb 03)