==========================================================Ubuntu Security Notice USN-1045-1          January 19, 2011
fuse vulnerability
CVE-2010-3879
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  fuse-utils                      2.7.2-1ubuntu2.2

Ubuntu 9.10:
  fuse-utils                      2.7.4-1.1ubuntu4.4

Ubuntu 10.04 LTS:
  fuse-utils                      2.8.1-1.1ubuntu2.2

Ubuntu 10.10:
  fuse-utils                      2.8.4-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that FUSE could be tricked into incorrectly updating the
mtab file when mounting filesystems. A local attacker, with access to use
FUSE, could unmount arbitrary locations, leading to a denial of service.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    22128 a4bc31c2b9b89daaf7a14a239cb057f2
          Size/MD5:     1556 0b1d7fbaf873050216c7eadd0c1ccefe
          Size/MD5:   505855 813782a4f23211386c1ea91dc0ac7ded

  Architecture independent packages:

          Size/MD5:   191810 c1b17b8bde6eab40c9c9fe7e0fee5e29

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    20008 9bad103234046f6b57deef80eaa59cc8
          Size/MD5:    23280 f490e31c19f955279ac88a71e03c49ac
          Size/MD5:   166154 f6a83b1a58132e2e8232015dfe0255a6
          Size/MD5:    56034 539365befd01a214ce3f55a13d95a4ef
          Size/MD5:   131758 b8dadea15f3569b07e9e3798d9a51d63

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    18228 38c1e9d47b52dbc2ad5ba6112709888b
          Size/MD5:    21516 61c5bfebb392008514d475d12cd4e0c0
          Size/MD5:   155826 cb8453de80ce73f816762525029ab0e8
          Size/MD5:    50408 3404f65491e88c8cdcd0d097932b277d
          Size/MD5:   125814 9d5eca6e17b4820ce99953b66f9ff0d2

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:    18284 ffd3dc307ae755cf128fe8d8b845b8a6
          Size/MD5:    21554 da7c7f326f50148e7b8b60ad2ceeaf42
          Size/MD5:   155534 978651240fd68afdc88d4ca722431695
          Size/MD5:    49310 6e17d80465e2968ab446673a259944b5
          Size/MD5:   124716 5a85622c84a1a1f7a59d8f7f4bd4d8dc

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    20816 2a4a5b33f7c952c12e32e49340b65f53
          Size/MD5:    24100 70b875ceee28ba3e9abb8426f26726b3
          Size/MD5:   164536 37fbcd500a1e4485329d34d65d84e8ad
          Size/MD5:    56434 3aeca87f317da1a2e865976ce779137f
          Size/MD5:   132194 43c25292498f3c02f41b6172fde2138b

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    18512 13b82727be6fe0c9faf66584cc86c740
          Size/MD5:    21794 9bec090ec517cdb15a9a986d0c28ff93
          Size/MD5:   155986 0d5615a255d6752460a6816ab865a355
          Size/MD5:    45870 9921fe59f173df6561f2393ac2f24bb5
          Size/MD5:   121478 235ded94d6d2fbdb0add88f74e508ac4

Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    22815 bd090d66dad5c6a1bc9d65a4511e741a
          Size/MD5:     1935 1cc185922a9719b05c967d14c2b4e10b
          Size/MD5:   506658 4879f06570d2225667534c37fea04213

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    20558 d4ae2a9bff34dc4e94b8a98e9b862736
          Size/MD5:    24378 0d4cc072780393590032a8159633c91d
          Size/MD5:   171126 2681a72b9f0ad2484002c32e34ca124a
          Size/MD5:    57596 6fddce953dc597901b34628d832cef80
          Size/MD5:   135544 150d0c5ceac04ee93551298218d50fa5

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    18236 1d47e82b72ac3c4c7b4af1f77575eceb
          Size/MD5:    22016 2d00385b40c9805e357d87f8db2e7285
          Size/MD5:   159768 02d9c24ca24b87721d2f6b29a0f62cc3
          Size/MD5:    52852 760a10f90758253964f8da2ddc439507
          Size/MD5:   130432 3f90836d50be910df26dde9bc5b5ee3f

  armel architecture (ARM Architecture):

          Size/MD5:    17552 312532edd1861ebb5b0dbe050776d676
          Size/MD5:    21474 60ca5e587610af8c6771b80c94e1aa37
          Size/MD5:   160738 1365b94cff735ab121fa6d7988c5f12f
          Size/MD5:    48112 e791e02905c206945021fa51838fddbe
          Size/MD5:   125838 a8bd2692304e9a64a523544ba79737fc

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:    18096 1ad961797518a43bd43ba08f94968ac4
          Size/MD5:    21868 74f4c2f2d570f6f30b5bbaeb11a7d350
          Size/MD5:   160172 84a5ac75553a2635fbf76c7d513c4330
          Size/MD5:    52132 5c64ad5a81a8caf6a7e5298042e22856
          Size/MD5:   129730 74b1b447025b4887791677bd7e5f6342

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    20104 f0f249d8862d28ec79f803bd870e7b6e
          Size/MD5:    23920 c62582cc62ff7b947b2b578f165812bb
          Size/MD5:   168992 165e3e75288fd89fae6bb9b1f432962c
          Size/MD5:    56106 e13a7b817bc67f76f0aa13ba835a94ad
          Size/MD5:   133856 26074db15ecd3829f92d08ba7cd22d34

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    18712 cd4fc7e6da7c2aa057808382b00ff750
          Size/MD5:    22422 2d64306d44efdc3ad56197427950f3b3
          Size/MD5:   159268 dab3b236df50fe91e39a3c2b8c780d23
          Size/MD5:    47366 471355e281c607a1d360691ca05b6976
          Size/MD5:   124680 03a4cac62a865f745d2523e11a3663ac

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

          Size/MD5:    25092 f5161d3bb9782ecaf26593e0395762e5
          Size/MD5:     1996 e250366b0150a0d5dd6bd07c03368e21
          Size/MD5:   492871 0e3505ce90155983f1bc995eb2cf6fa7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    20882 7392b2e50be40d32b14cfc81be5b649e
          Size/MD5:    24592 07da26ae4294ec0c074079d6eafcb4a4
          Size/MD5:   194472 46dbbb1d63efd6f369a8dc5d48c326ba
          Size/MD5:    66672 08f4c9e879f33f254e8a746290a3f322
          Size/MD5:   147236 b4b4600fa6216927cb54f70d0b2eae47

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    18562 c27e3d81d78517f6348825a1766dfa52
          Size/MD5:    22172 b75549b9a6ac97802447205efc35bd19
          Size/MD5:   182512 9e41b5a098d88ca4e5c51470c2bc3753
          Size/MD5:    60542 ac9cc23e96d05903f01643c9c5f93117
          Size/MD5:   141300 af31a52be0f60a7d7c0ae127570c7468

  armel architecture (ARM Architecture):

          Size/MD5:    18362 2e2a01e13779a1c4470b4e74f890b504
          Size/MD5:    21986 69829e4038a8d2d185c6b204958b321b
          Size/MD5:   178300 ba42a8657c81e199a2934f4ab07b380c
          Size/MD5:    54178 8232babb30e9b483475f39a38d0485de
          Size/MD5:   134766 433d7d24cdee3a31faf55bd42d5bb903

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    20422 21313ad577cad93f9bd3d6fa1facdfe6
          Size/MD5:    24128 5cfcbfdefa58c014fd4f82496e89d5eb
          Size/MD5:   191546 4c91e52ac99d084a7e44b933f908c2c6
          Size/MD5:    64308 223c4c0975377ed8bb21b571d4575c73
          Size/MD5:   145144 7c00e22ae7131de303f0a5f14e7eb912

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:    19256 2e33d9b8ef9443a9c82d6dd0b13bc497
          Size/MD5:    22876 d6495e62371997508e24cd1514500a81
          Size/MD5:   182980 ef4214c355e96ebfdd6812d394c4ab06
          Size/MD5:    56300 be9bc7d0449f01448eabefedf00131d8
          Size/MD5:   136952 d4b767bc95837a2272e8e8f662823157

Updated packages for Ubuntu 10.10:

  Source archives:

          Size/MD5:    27071 a1c578cb46b9fcde10859c4e3409d5ed
          Size/MD5:     2003 8a14c325d19746ecefc4de7234c11992
          Size/MD5:   500345 a26ec54e410bb826a387947b10c0fd2c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    20658 2100024f976ca0f71f5c3577e5347221
          Size/MD5:    24306 b58d378b7516839366de2f39b35abc3a
          Size/MD5:   195242 8181d2168e16ed98624f023c7d019a05
          Size/MD5:    65816 76f1add0dae8b44ba9f575a0bddc8e91
          Size/MD5:   147032 bcfa742fec5b468c1c64891bedd978be

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    18172 6d6e4a2efd9226626baf2a869bb5ff49
          Size/MD5:    21796 3ecce9c3e9362338e23f67924a686fae
          Size/MD5:   182966 211be0479d3183277bd2929166513831
          Size/MD5:    59554 5a0af3b6f18ce6954f99039d3c3a7121
          Size/MD5:   140882 f2b25189f48cd486f7de3b9cc68af8fe

  armel architecture (ARM Architecture):

          Size/MD5:    18574 9aab2a969687fa840b66c024912d80e4
          Size/MD5:    22222 f5ab672c089ef3ba469b9863d57b21ad
          Size/MD5:   185012 46edb0b214dab68fd2f0f5291f7ce90c
          Size/MD5:    54648 f7a2885c5e7ec0c1114f6e0e83db4fc9
          Size/MD5:   135648 7a7bcebf658cd4ee45b0b84f95070bd0

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:    20212 3efd0a13ca8611f84ef2c98188ab4a71
          Size/MD5:    23876 2becf1198c3a768b908e63eac2005a8a
          Size/MD5:   192160 3d93fafae614f8bba13e207de4c3b149
          Size/MD5:    63442 4527346f8781e221d650bdd7c6891ddd
          Size/MD5:   144892 2a7070fc7351d3cbcacb3d0e7540af40

Ubuntu 1045-1: FUSE vulnerability

January 19, 2011
It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems

Summary

Update Instructions

References

Severity
fuse vulnerability

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved