Ubuntu
fuse package

  1. Bug #670622
  2. Comment #12

Comment 12 for bug 670622

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fuse - 2.7.2-1ubuntu2.2

---------------
fuse (2.7.2-1ubuntu2.2) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary unprivileged unmount (LP: #670622)
    - debian/patches/CVE-2010-3879.dpatch: backported numerous fuse fixes
      from git tree to fix security issues.
      - Block SIGCHLD when executing mount and umount
      - Use "--no-canonicalize' option of mount(8)
      - Fix race if two "fusermount -u" instances are run in parallel
      - Make sure the path to be unmounted doesn't refer to a symlink
      - Use umount --fake to update /etc/mtab
    - debian/patches/200-fix_mount_symlink_handling: removed, changes are
      in the new patch.
    - debian/control: make libfuse2 depend on version of mount that
      contains backported --fake support.
    - CVE-2010-3879
 -- Marc Deslauriers <email address hidden> Thu, 09 Dec 2010 16:27:05 -0500