Risks
Advisories
Browse
or
or
Mandriva Linux Security Update Advisory - fuse (MDVSA-2013:155)
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:155
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : fuse
 Date    : April 29, 2013
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in fuse:

 FUSE, possibly 2.8.5 and earlier, allows local users to create
 mtab entries with arbitrary pathnames, and consequently unmount
 any filesystem, via a symlink attack on the parent directory of
 the mountpoint of a FUSE filesystem, a different vulnerability than
 CVE-2010-0789 (CVE-2010-3879).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 454fb9c68b076a9759a3023e3f4e375f  mes5/i586/fuse-2.7.4-4.4mdvmes5.2.i586.rpm
 c8f4c5487d17e410bd03db7690139d77  mes5/i586/libfuse2-2.7.4-4.4mdvmes5.2.i586.rpm
 20a2ba434d7206f37ef3821146a8592b 
mes5/i586/libfuse-devel-2.7.4-4.4mdvmes5.2.i586.rpm
 d5fe2230e268edf51c42aaf9161af412 
mes5/i586/libfuse-static-devel-2.7.4-4.4mdvmes5.2.i586.rpm
 102f5e6b2989eb72ba4b50554e24a109  mes5/SRPMS/fuse-2.7.4-4.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 9bc54b1f4940de376fab39ca0696cf77  mes5/x86_64/fuse-2.7.4-4.4mdvmes5.2.x86_64.rpm
 78b7772919fc74d4e850be0bef656d29 
mes5/x86_64/lib64fuse2-2.7.4-4.4mdvmes5.2.x86_64.rpm
 cbf3afa08885005b4de6dd730b2510f0 
mes5/x86_64/lib64fuse-devel-2.7.4-4.4mdvmes5.2.x86_64.rpm
 bd703d9f4f9a1c68b053ffefc0313e46 
mes5/x86_64/lib64fuse-static-devel-2.7.4-4.4mdvmes5.2.x86_64.rpm
 102f5e6b2989eb72ba4b50554e24a109  mes5/SRPMS/fuse-2.7.4-4.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>




Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //