[fuse-devel] [SECURITY ADVISORY]: Restrictions on allow_other may be bypassed if SELinux is active

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear all,

Jann Horn was discovered a security vulnerability in libfuse. Both the
2.x and 3.x branches are effected. The vulnerability enables unprivileged
users to specify the `allow_other` option even when this was forbidden
in `/etc/fuse.conf`.  The vulnerability is present only on systems where
SELinux is active (including in permissive mode).

I have just released updated version of libfuse 2 and libfuse 3.

Best,
Nikolaus

-- 
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«