moderate: util-linux/fuse security update
moderate
An update for util-linux/fuse is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
util-linux:
fuse:
Security Fix(es):
util-linux: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.(CVE-2014-9114)
util-linux: bugfix
fuse: fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.(CVE-2005-3531)
fuse: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage(CVE-2009-3297)
fuse: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.01B6.