Debian Security Advisory
DSA-744-1 fuse -- programming error
- Date Reported:
- 08 Jul 2005
- Affected Packages:
- fuse
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 311634.
In the Bugtraq database (at SecurityFocus): BugTraq ID 13857.
In Mitre's CVE dictionary: CVE-2005-1858. - More information:
-
Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information.
The old stable distribution (woody) does not contain the fuse package.
For the stable distribution (sarge) this problem has been fixed in version 2.2.1-4sarge2.
For the unstable distribution (sid) this problem has been fixed in version 2.3.0-1.
We recommend that you upgrade your fuse package.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.dsc
- http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.diff.gz
- http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-source_2.2.1-4sarge2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_arm.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_arm.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_arm.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_i386.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_i386.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_i386.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mips.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mips.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mips.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_s390.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_s390.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_s390.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.