Opened 9 years ago

Closed 9 years ago

#6527 closed enhancement (fixed)

fuse-2.9.4

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: high
Milestone: 7.8
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

http://downloads.sourceforge.net/fuse/fuse-2.9.4.tar.gz

md5sum ecb712b5ffc6dffd54f4a405c9b372d8

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202

http://seclists.org/oss-sec/2015/q2/520

https://bugzilla.redhat.com/show_bug.cgi?id=1224103#c0

 Martin Prpic 2015-05-22 04:32:27 EDT

It was found that FUSE, a Filesystem in USErspace, did not properly
sanitize environment variables before executing a mount or umount
operation with elevated privileges. A local attacker could use this flaw
to overwrite arbitrary files on the system or escalate their privileges.

Additional details:

http://seclists.org/oss-sec/2015/q2/520

Patch proposed on distros is attached.

http://sourceforge.net/p/fuse/fuse/ci/fuse_2_9_bugfix/tree/ChangeLog

2015-05-22  Miklos Szeredi <miklos@szeredi.hu>

    * Released 2.9.4

    * libfuse: fix exec environment for mount and umount.  Found by
    Tavis Ormandy (CVE-2015-3202).

    * libfuse: fix fuse_remove_signal_handlers() to properly restore
    the default signal handler.  Reported by: Chris Johnson

    * libfuse: highlevel API: fix directory file handle passed to
    ioctl() method.  Reported by Eric Biggers

    * libfuse: document deadlock avoidance for
    fuse_notify_inval_entry() and fuse_notify_delete()

    * fusermount, libfuse: send value as unsigned in "user_id=" and
    "group_id=" options.  Uids/gids larger than 2147483647 would
    result in EINVAL when mounting the filesystem.  This also needs a
    fix in the kernel.

    * Initialize stat buffer passed to ->getattr() and ->fgetattr() to
    zero in all cases.  Reported by Daniel Iwan

    * libfuse: Add missing includes.  This allows compiling fuse with
    musl.  Patch by Daniel Thau
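
The class of flaw described in the advisory above, shown as an added example (not code from libfuse, fusermount or this ticket): a helper that executes another program either lets the caller's environment through or passes an explicit, minimal one. The names `run_helper`, `clean_env` and `DEMO_UNTRUSTED` are constructed for illustration, and `/bin/sh` is assumed to exist.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed, minimal environment for the child; nothing is inherited. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Run argv[0] (an absolute path) and return its exit status, -1 on error.
 * sanitize != 0: the child sees only clean_env (hardened form).
 * sanitize == 0: the child inherits the caller's environment (weak form). */
int run_helper(char *const argv[], int sanitize)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, sanitize ? clean_env : environ);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed check: does a caller-set variable reach the child?
 * Returns 1 if the child saw DEMO_UNTRUSTED, 0 if it did not. */
int variable_reaches_child(int sanitize)
{
    char *const argv[] = { "/bin/sh", "-c",
        "[ -n \"${DEMO_UNTRUSTED+x}\" ] && exit 1; exit 0", NULL };

    if (setenv("DEMO_UNTRUSTED", "caller-chosen-value", 1) != 0)
        return -1;
    return run_helper(argv, sanitize);
}

int main(void)
{
    printf("inherited: reaches child = %d\n", variable_reaches_child(0));
    printf("explicit:  reaches child = %d\n", variable_reaches_child(1));
    return 0;
}
```
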

Change History (2)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r16015.
