Security update for fuse
This update for fuse fixes the following security issue:
- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when
SELinux is active. This allowed non-root users to mount a FUSE file system with
the 'allow_other' mount option regardless of whether 'user_allow_other' is set
in the fuse configuration. An attacker may use this flaw to mount a FUSE file
system, accessible by other users, and trick them into accessing files on that
file system, possibly causing Denial of Service or other unspecified effects
(bsc#1101797)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Goldwyn Rodrigues (goldwynr)
Fixed bugs
bnc#1101797
VUL-0: CVE-2018-10906: fuse: user_allow_other restriction may be bypassed
