Page MenuHomeSolus
Differential D3392

Update fuse to 2.9.8 to address CVE-2018-10906
ClosedPublic
Actions

Authored by kyrios123 on Jul 24 2018, 2:11 PM.
Tags
  • Restricted Project
Referenced Files
F11066072: D3392.diff
Fri, Aug 11, 5:40 PM
F10993728: D3392.id8379.diff
Tue, Jul 25, 6:57 PM
F10974690: D3392.id8379.diff
Sat, Jul 22, 1:43 AM
F10968881: D3392.id8370.diff
Thu, Jul 20, 8:03 PM
F10945272: D3392.id8370.diff
Sat, Jul 15, 3:24 AM
F10935528: D3392.diff
Wed, Jul 12, 9:34 PM
F10895692: D3392.diff
Jul 1 2023, 6:45 PM
F10878642: D3392.id.diff
Jun 21 2023, 11:54 AM
View All 11 Files
Subscribers
None

Details

Reviewers
sunnyflunk
Group Reviewers
Triage Team
Commits
R861:af722782a29f: Update fuse to 2.9.8 to address CVE-2018-10906
Summary
  • libfuse no longer segfaults when fuse_interrupted() is called outside the event loop.
  • The fusermount binary has been hardened in several ways to reduce potential attack surface. Most importantly, mountpoints and mount options must now match a hard-coded whitelist. It is expected that this whitelist covers all regular use-cases.

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

Can still access my NAS using sshfs

Diff Detail

Repository
R861 fuse
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kyrios123 created this revision.Jul 24 2018, 2:11 PM
Herald added a reviewer: Triage Team. · View Herald TranscriptJul 24 2018, 2:11 PM
kyrios123 requested review of this revision.Jul 24 2018, 2:11 PM
sunnyflunk accepted this revision.Jul 24 2018, 11:40 PM
sunnyflunk retitled this revision from Update fuse to 2.9.8 to Update fuse to 2.9.8 to address CVE-2018-10906.
This revision is now accepted and ready to land.Jul 24 2018, 11:40 PM
Closed by commit R861:af722782a29f: Update fuse to 2.9.8 to address CVE-2018-10906 (authored by kyrios123, committed by sunnyflunk). · Explain WhyJul 24 2018, 11:41 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 8370

View Options

files/0001-fusermount-Support-a-stateless-configuration.patch

Loading...
View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.