SuSE Local Security Checks : openSUSE: Security Advisory for fuse (openSUSE-SU-2018:3326-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.851945

Categoría: SuSE Local Security Checks

Título: openSUSE: Security Advisory for fuse (openSUSE-SU-2018:3326-1)

Resumen: The remote host is missing an update for the 'fuse'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'fuse'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for fuse fixes the following security issue:

- CVE-2018-10906: fusermount was vulnerable to a restriction bypass when
SELinux is active. This allowed non-root users to mount a FUSE file
system with the 'allow_other' mount option regardless of whether
'user_allow_other' is set in the fuse configuration. An attacker may use
this flaw to mount a FUSE file system, accessible by other users, and
trick them into accessing files on that file system, possibly causing
Denial of Service or other unspecified effects (bsc#1101797)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1225=1

Affected Software/OS:
fuse on openSUSE Leap 42.3

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-10906

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.851945
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for fuse (openSUSE-SU-2018:3326-1)
Resumen:	The remote host is missing an update for the 'fuse'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'fuse' package(s) announced via the referenced advisory. Vulnerability Insight: This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1225=1 Affected Software/OS: fuse on openSUSE Leap 42.3 Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10906
Copyright	Copyright (C) 2018 Greenbone Networks GmbH