[SECURITY] Fedora 7 Update: fuse-2.7.0-5.fc7

updates at fedoraproject.org updates at fedoraproject.org
Tue Sep 25 15:42:28 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2295
2007-09-25 08:29:01
--------------------------------------------------------------------------------

Name        : fuse
Product     : Fedora 7
Version     : 2.7.0
Release     : 5.fc7
URL         : http://fuse.sf.net
Summary     : File System in Userspace (FUSE) utilities
Description :
With FUSE it is possible to implement a fully functional filesystem in a
userspace program. This package contains the FUSE userspace tools to
mount a FUSE filesystem.

Note: For security reasons only members of the group "fuse" are allowed to
(u)mount fuse filesystems. You can find more details on this issue in
/usr/share/doc/fuse-2.7.0/README.fedora

--------------------------------------------------------------------------------
Update Information:

It was discovered that members of the group fuse can get access to devices which they normally should not have access to. For ntfs-3g mounts, this was because /sbin/mount.ntfs-3g was setuid root.    This update fixes /sbin/mount.ntfs-3g so that it is no longer has the setuid bit enabled. The fuse package is also being updated to correct an error in the previous testing package which incorrectly changed the permissions on /dev/fuse.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 21 2007 Tom "spot" Callaway <tcallawa at redhat.com> 2.7.0-7
- revert udev rules change
* Thu Sep 20 2007 Tom "spot" Callaway <tcallawa at redhat.com> 2.7.0-4
- change udev rules so that /dev/fuse is chmod 666 (bz 298651)
* Sun Jul 22 2007 Tom "spot" Callaway <tcallawa at redhat.com> 2.7.0-3
- put pkgconfig file in correct place
- enable compat symlinks for files in /bin
* Sat Jul 21 2007 Tom "spot" Callaway <tcallawa at redhat.com> 2.7.0-2
- redefine exec_prefix to /
- redefine bindir to /bin
- redefine libdir to %{_lib}
- don't pass --disable-static to configure
- manually rm generated static libs
* Wed Jul 18 2007 Peter Lemenkov <lemenkov at gmail.com> 2.7.0-1
- Version 2.7.0
- Redefined exec_prefix due to demands from NTFS-3G
* Wed Jun  6 2007 Peter Lemenkov <lemenkov at gmail.com> 2.6.5-2
- Add BR libselinux-devel (bug #235145)
- Config files properly marked as config (bug #211122)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #298651 - ntfs-3g allows access to partition the users normally should not have access to
        https://bugzilla.redhat.com/show_bug.cgi?id=298651
--------------------------------------------------------------------------------
Updated packages:

71ca0b8c7e9300ab752842bc977f06d7a59b33b2 fuse-libs-2.7.0-5.fc7.ppc64.rpm
69e8a8538d5df57a317c952cf77d91d45d8fc4c7 fuse-2.7.0-5.fc7.ppc64.rpm
4c80d67151e769481f3fb9f170ee3f7331ea33ab fuse-debuginfo-2.7.0-5.fc7.ppc64.rpm
d0e3eeabfd7b27e2219e9b709d3efbdaf29953e0 fuse-devel-2.7.0-5.fc7.ppc64.rpm
18a7b05fe5b096dd16687dc2e6f8251b745dbabb fuse-2.7.0-5.fc7.i386.rpm
d80d9977c80eb35ea0b44de254ddd59f8850120d fuse-devel-2.7.0-5.fc7.i386.rpm
9fc8e760def62bca905aecd1fb48701b8a4623ec fuse-debuginfo-2.7.0-5.fc7.i386.rpm
181672179196541e3903bf3a88b6359db33d3601 fuse-libs-2.7.0-5.fc7.i386.rpm
1c9e803cad170a770734190568820cbb1462e8b4 fuse-libs-2.7.0-5.fc7.x86_64.rpm
0fe3215a60bfb9db0645b5bb2e772d3fca09ec7f fuse-devel-2.7.0-5.fc7.x86_64.rpm
7eb39abb8a6c51662490e0cb1c411d43b56f4fea fuse-debuginfo-2.7.0-5.fc7.x86_64.rpm
8f6e5ab7c29e940475160a5f2b4341d0509bf8f7 fuse-2.7.0-5.fc7.x86_64.rpm
1045de93c1f094b2e8d2893a4debe94bc2c3a0ad fuse-libs-2.7.0-5.fc7.ppc.rpm
46f281971fcc87f204fd96e18823491f3bc774ba fuse-debuginfo-2.7.0-5.fc7.ppc.rpm
63d76894dbc6ff4f4686bf14c7fad39e19b1790b fuse-devel-2.7.0-5.fc7.ppc.rpm
bd183d5a0569196cd73ee6973c53275867e48074 fuse-2.7.0-5.fc7.ppc.rpm
a300dd173ce33f9cc348344490e5ba1ccbfa6a11 fuse-2.7.0-5.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update fuse' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the package-announce mailing list