* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
- debian/patches/CVE-2010-3879.dpatch: backported numerous fuse fixes
from git tree to fix security issues.
- Block SIGCHLD when executing mount and umount
- Use "--no-canonicalize' option of mount(8)
- Fix race if two "fusermount -u" instances are run in parallel
- Make sure the path to be unmounted doesn't refer to a symlink
- Use umount --fake to update /etc/mtab
- debian/patches/200-fix_mount_symlink_handling: removed, changes are
in the new patch.
- debian/control: make libfuse2 depend on version of mount that
contains backported --fake support.
- CVE-2010-3879
-- Marc Deslauriers <email address hidden> Thu, 09 Dec 2010 16:27:05 -0500
This bug was fixed in the package fuse - 2.7.2-1ubuntu2.2
---------------
fuse (2.7.2-1ubuntu2.2) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622) patches/ CVE-2010- 3879.dpatch: backported numerous fuse fixes patches/ 200-fix_ mount_symlink_ handling: removed, changes are
- debian/
from git tree to fix security issues.
- Block SIGCHLD when executing mount and umount
- Use "--no-canonicalize' option of mount(8)
- Fix race if two "fusermount -u" instances are run in parallel
- Make sure the path to be unmounted doesn't refer to a symlink
- Use umount --fake to update /etc/mtab
- debian/
in the new patch.
- debian/control: make libfuse2 depend on version of mount that
contains backported --fake support.
- CVE-2010-3879
-- Marc Deslauriers <email address hidden> Thu, 09 Dec 2010 16:27:05 -0500