Users who are concerned about this issue should consider using a different UID when mounting FUSE filesystems. To exploit this issue, an unprivileged local attacker must be able to run a specially crafted program that is provided by a remote attacker.

Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 6 NSS have been updated to fix these issues. Red Hat Enterprise Linux 5 has been updated to receive these fixes in its next major release. Details of the updates for each distribution are given in the Red Hat Enterprise Linux 5 Security Advisory. In addition, Red Hat has provided a summary of the issues addressed by each Red Hat Enterprise Linux version. Red Hat has provided mitigations for these issues in the form of recommended practices and/or configuration options. Red Hat recommends that all users of Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 5 apply these updates.

Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 6 NSS Updates

Red Hat has provided mitigations for these issues in the form of recommended practices and/or configuration options. Red Hat recommends all users of Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 5 apply these updates.

Red Hat Enterprise Linux 6.0.x

Red Hat Enterprise Linux 6.0.x is not affected by this issue because the advisory only addressed systems with FUSE mounted using the old fuse.rc file or no fuse file at all.

Timeline

Published on: 08/23/2022 20:15:00 UTC
Last modified on: 08/29/2022 18:15:00 UTC
