Medium: fuse

2019-04-17T18:45:00
ID ALAS-2018-1123
Type amazon
Reporter Amazon
Modified 2019-04-17T18:45:00

Description

Issue Overview:

A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. (CVE-2018-10906 __)

Affected Packages:

fuse

Issue Correction:
Run yum update fuse to update your system.

New Packages:

i686:  
    fuse-libs-2.9.4-1.18.amzn1.i686  
    fuse-debuginfo-2.9.4-1.18.amzn1.i686  
    fuse-devel-2.9.4-1.18.amzn1.i686  
    fuse-2.9.4-1.18.amzn1.i686

src:  
    fuse-2.9.4-1.18.amzn1.src

x86_64:  
    fuse-devel-2.9.4-1.18.amzn1.x86_64  
    fuse-libs-2.9.4-1.18.amzn1.x86_64  
    fuse-debuginfo-2.9.4-1.18.amzn1.x86_64  
    fuse-2.9.4-1.18.amzn1.x86_64