From ec1082c58fec2f0739855d4dc01df6fdd335e0a3 Mon Sep 17 00:00:00 2001
From: Michael Weiss
Date: Wed, 25 Jul 2018 23:48:13 +0200
Subject: fuse: 2.9.7 -> 2.9.8 (security, CVE-2018-10906)

Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to for unprivileged users to specify the allow_other option even when this was forbidden in /etc/fuse.conf. The vulnerability is present only on systems where SELinux is active (including in permissive mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside the event loop.
- The fusermount binary has been hardened in several ways to reduce potential attack surface. Most importantly, mountpoints and mount options must now match a hard-coded whitelist. It is expected that this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
---
 pkgs/os-specific/linux/fuse/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'pkgs/os-specific')
diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix
index 4c750dafcf75..644841131674 100644
--- a/pkgs/os-specific/linux/fuse/default.nix
+++ b/pkgs/os-specific/linux/fuse/default.nix
@@ -6,8 +6,8 @@ let
 };
 in {
 fuse_2 = mkFuse {
- version = "2.9.7";
- sha256Hash = "1wyjjfb7p4jrkk15zryzv33096a5fmsdyr2p4b00dd819wnly2n2";
+ version = "2.9.8";
+ sha256Hash = "0s04ln4k9zvvbjih8ybaa19fxg8xv7dcsz2yrlbk35psnf3l67af";
 };
 fuse_3 = mkFuse {
-- cgit 1.4.1