From 46cd782b43416969b1f11232ecf5b80e798a92a2 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 25 Jul 2018 23:30:19 +0200 Subject: [PATCH] fuse3: 3.2.4 -> 3.2.5 (security, CVE-2018-10906) Upstream changelog: - SECURITY UPDATE: In previous versions of libfuse it was possible to for unprivileged users to specify the allow_other option even when this was forbidden in /etc/fuse.conf. The vulnerability is present only on systems where SELinux is active (including in permissive mode). - The fusermount binary has been hardened in several ways to reduce potential attack surface. Most importantly, mountpoints and mount options must now match a hard-coded whitelist. It is expected that this whitelist covers all regular use-cases. - Added a test of seekdir to test_syscalls. - Fixed readdir bug when non-zero offsets are given to filler and the filesystem client, after reading a whole directory, re-reads it from a non-zero offset e. g. by calling seekdir followed by readdir. --- pkgs/os-specific/linux/fuse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix index 594f966c2f4..4c750dafcf7 100644 --- a/pkgs/os-specific/linux/fuse/default.nix +++ b/pkgs/os-specific/linux/fuse/default.nix @@ -11,7 +11,7 @@ in { }; fuse_3 = mkFuse { - version = "3.2.4"; - sha256Hash = "1ybgd4s7naiyvaris7j6fzp604cgi5mgrn715x8l4kn5k9d840im"; + version = "3.2.5"; + sha256Hash = "0ibf2isbkm8p1gfaqpqblwsg0lm4s1rmcipv1qcg0wc4wwsbnqpx"; }; }