fuse security update

2018-11-15T18:45:07
ID CESA-2018:3324
Type centos
Reporter CentOS Project
Modified 2018-11-15T18:45:07

Description

CentOS Errata and Security Advisory CESA-2018:3324

The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program.

Security Fix(es):

  • fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2018-November/005391.html

Affected packages: fuse fuse-devel fuse-libs

Upstream details at: