Issued:: 2018-10-30
Updated:: 2018-10-30

RHSA-2018:3324 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: fuse security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for fuse is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program.

Security Fix(es):

fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 1602996 - CVE-2018-10906 fuse: bypass of the "user_allow_other" restriction when SELinux is active

CVEs

CVE-2018-10906

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
x86_64
fuse-2.9.2-11.el7.x86_64.rpm	SHA-256: 078494302e9d4c4ce914f5681c583b9ab571f3e13537c61e4a6db711528d7fcb
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-devel-2.9.2-11.el7.i686.rpm	SHA-256: d150c207cb9e7b8010c8ca39533888eeec5ef1aeef015bc4f614e49628bb05f8
fuse-devel-2.9.2-11.el7.x86_64.rpm	SHA-256: ba25cb7aa1704a7261eacae4c3858d36f5c819e91f3cb4c00918c0056756f086
fuse-libs-2.9.2-11.el7.i686.rpm	SHA-256: 108eea7495fac23e206e2f0efd0d547c99ba22a6f4281e2ecda44c30c37de6fa
fuse-libs-2.9.2-11.el7.x86_64.rpm	SHA-256: b1c7bf4620118b7263f47eaaa4b8ebcdcfda0a5ce615f90ad9a176c8bc6e0eb4

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
x86_64
fuse-2.9.2-11.el7.x86_64.rpm	SHA-256: 078494302e9d4c4ce914f5681c583b9ab571f3e13537c61e4a6db711528d7fcb
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-devel-2.9.2-11.el7.i686.rpm	SHA-256: d150c207cb9e7b8010c8ca39533888eeec5ef1aeef015bc4f614e49628bb05f8
fuse-devel-2.9.2-11.el7.x86_64.rpm	SHA-256: ba25cb7aa1704a7261eacae4c3858d36f5c819e91f3cb4c00918c0056756f086
fuse-libs-2.9.2-11.el7.i686.rpm	SHA-256: 108eea7495fac23e206e2f0efd0d547c99ba22a6f4281e2ecda44c30c37de6fa
fuse-libs-2.9.2-11.el7.x86_64.rpm	SHA-256: b1c7bf4620118b7263f47eaaa4b8ebcdcfda0a5ce615f90ad9a176c8bc6e0eb4

Red Hat Enterprise Linux Workstation 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
x86_64
fuse-2.9.2-11.el7.x86_64.rpm	SHA-256: 078494302e9d4c4ce914f5681c583b9ab571f3e13537c61e4a6db711528d7fcb
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-devel-2.9.2-11.el7.i686.rpm	SHA-256: d150c207cb9e7b8010c8ca39533888eeec5ef1aeef015bc4f614e49628bb05f8
fuse-devel-2.9.2-11.el7.x86_64.rpm	SHA-256: ba25cb7aa1704a7261eacae4c3858d36f5c819e91f3cb4c00918c0056756f086
fuse-libs-2.9.2-11.el7.i686.rpm	SHA-256: 108eea7495fac23e206e2f0efd0d547c99ba22a6f4281e2ecda44c30c37de6fa
fuse-libs-2.9.2-11.el7.x86_64.rpm	SHA-256: b1c7bf4620118b7263f47eaaa4b8ebcdcfda0a5ce615f90ad9a176c8bc6e0eb4

Red Hat Enterprise Linux Desktop 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
x86_64
fuse-2.9.2-11.el7.x86_64.rpm	SHA-256: 078494302e9d4c4ce914f5681c583b9ab571f3e13537c61e4a6db711528d7fcb
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-devel-2.9.2-11.el7.i686.rpm	SHA-256: d150c207cb9e7b8010c8ca39533888eeec5ef1aeef015bc4f614e49628bb05f8
fuse-devel-2.9.2-11.el7.x86_64.rpm	SHA-256: ba25cb7aa1704a7261eacae4c3858d36f5c819e91f3cb4c00918c0056756f086
fuse-libs-2.9.2-11.el7.i686.rpm	SHA-256: 108eea7495fac23e206e2f0efd0d547c99ba22a6f4281e2ecda44c30c37de6fa
fuse-libs-2.9.2-11.el7.x86_64.rpm	SHA-256: b1c7bf4620118b7263f47eaaa4b8ebcdcfda0a5ce615f90ad9a176c8bc6e0eb4

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
s390x
fuse-2.9.2-11.el7.s390x.rpm	SHA-256: a61ffa251119a127d0f4dabb8d5d0979b60ea02c09e5136db5725e418d24e8d0
fuse-debuginfo-2.9.2-11.el7.s390.rpm	SHA-256: 5e1c8145835c6bbbdced5ad0d01622291edf10b5b3a42a4da0a28597db3ed17d
fuse-debuginfo-2.9.2-11.el7.s390x.rpm	SHA-256: 0ed894e9c5b7596b092dc8f2ec46f569828c10458691ef5c2ce80fbaf45956c1
fuse-devel-2.9.2-11.el7.s390.rpm	SHA-256: 02dac46a09eb780c1d1ce2958d634949253e27facae269451b1f95539a014310
fuse-devel-2.9.2-11.el7.s390x.rpm	SHA-256: 452010a2cb906a07b797883c0bb661cb590a8f453c59a27592f6b3e52b37b070
fuse-libs-2.9.2-11.el7.s390.rpm	SHA-256: 52d94b346f138235b495373d712f614c7a8a206c88b60b62b8adc78cb9902df8
fuse-libs-2.9.2-11.el7.s390x.rpm	SHA-256: 896b794b7e22653b12919f4fd3458f2c86ecc0ad6c7f818468f836aee4df716d

Red Hat Enterprise Linux for Power, big endian 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
ppc64
fuse-2.9.2-11.el7.ppc64.rpm	SHA-256: 4d62c048b85a0954bc41c1d0057c4f5057efdacff6501518809c970fc7982cc2
fuse-debuginfo-2.9.2-11.el7.ppc.rpm	SHA-256: d448ca67e0d7f560860afc67ec5a579e701e96906740209ef99dee5b7f298a94
fuse-debuginfo-2.9.2-11.el7.ppc64.rpm	SHA-256: 9f1d7a6f1efcc02257d23c8da2648b1d48501d32cb41cb9229e125f80a50c493
fuse-devel-2.9.2-11.el7.ppc.rpm	SHA-256: d1d103784636c42f3132c91adb9d55e5fcb5956459b9a2de4a9443419c72d8d0
fuse-devel-2.9.2-11.el7.ppc64.rpm	SHA-256: 8ee86cb44c3b0f460097f1003374ea5f51b6b4a263a89f05aaecfa97e780cfc8
fuse-libs-2.9.2-11.el7.ppc.rpm	SHA-256: 5ad9ab4d0aa9737020e572e66357db18ce1e8e888fe275ba3e7e354919259497
fuse-libs-2.9.2-11.el7.ppc64.rpm	SHA-256: f2ea87c5d361a1fd0cf0a36cc01a6e586a1e70228cb9f79e55c6e08a8a76e8ed

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
x86_64
fuse-2.9.2-11.el7.x86_64.rpm	SHA-256: 078494302e9d4c4ce914f5681c583b9ab571f3e13537c61e4a6db711528d7fcb
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.i686.rpm	SHA-256: 207e527907602b765bbfa2d394e615471078e81cb2062ca843c2c2a46b70d184
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-debuginfo-2.9.2-11.el7.x86_64.rpm	SHA-256: 72084926a3bd751376f791e7b3ca2a1a9fc0fcb599d8ab6f2c3c652f3e897e1c
fuse-devel-2.9.2-11.el7.i686.rpm	SHA-256: d150c207cb9e7b8010c8ca39533888eeec5ef1aeef015bc4f614e49628bb05f8
fuse-devel-2.9.2-11.el7.x86_64.rpm	SHA-256: ba25cb7aa1704a7261eacae4c3858d36f5c819e91f3cb4c00918c0056756f086
fuse-libs-2.9.2-11.el7.i686.rpm	SHA-256: 108eea7495fac23e206e2f0efd0d547c99ba22a6f4281e2ecda44c30c37de6fa
fuse-libs-2.9.2-11.el7.x86_64.rpm	SHA-256: b1c7bf4620118b7263f47eaaa4b8ebcdcfda0a5ce615f90ad9a176c8bc6e0eb4

Red Hat Enterprise Linux for Power, little endian 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
ppc64le
fuse-2.9.2-11.el7.ppc64le.rpm	SHA-256: 7d2c978f933222f596ba054bac72fd9da8e72201be4f1adcbcd600b1295dd3bd
fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm	SHA-256: 4422931ef6b8db4ec81b95d56bcf57174da9681305daeee0d554f0030cf2d48b
fuse-devel-2.9.2-11.el7.ppc64le.rpm	SHA-256: 392b4a167263ad08fc8c43b3cca0cb6fdbcd65eb4623c099d5df1d3249780726
fuse-libs-2.9.2-11.el7.ppc64le.rpm	SHA-256: 49f9d851701b80692a544e2113fabc0d15010341582270cd5b62015f7a1c8a90

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
s390x
fuse-2.9.2-11.el7.s390x.rpm	SHA-256: a61ffa251119a127d0f4dabb8d5d0979b60ea02c09e5136db5725e418d24e8d0
fuse-debuginfo-2.9.2-11.el7.s390.rpm	SHA-256: 5e1c8145835c6bbbdced5ad0d01622291edf10b5b3a42a4da0a28597db3ed17d
fuse-debuginfo-2.9.2-11.el7.s390x.rpm	SHA-256: 0ed894e9c5b7596b092dc8f2ec46f569828c10458691ef5c2ce80fbaf45956c1
fuse-devel-2.9.2-11.el7.s390.rpm	SHA-256: 02dac46a09eb780c1d1ce2958d634949253e27facae269451b1f95539a014310
fuse-devel-2.9.2-11.el7.s390x.rpm	SHA-256: 452010a2cb906a07b797883c0bb661cb590a8f453c59a27592f6b3e52b37b070
fuse-libs-2.9.2-11.el7.s390.rpm	SHA-256: 52d94b346f138235b495373d712f614c7a8a206c88b60b62b8adc78cb9902df8
fuse-libs-2.9.2-11.el7.s390x.rpm	SHA-256: 896b794b7e22653b12919f4fd3458f2c86ecc0ad6c7f818468f836aee4df716d

Red Hat Enterprise Linux for ARM 64 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
aarch64
fuse-2.9.2-11.el7.aarch64.rpm	SHA-256: eb18664d700a2cbcfd2284d5198e39acbc60860bd01f9890c31e826997fd45b2
fuse-debuginfo-2.9.2-11.el7.aarch64.rpm	SHA-256: 65c0cb57689b26256f5ccfb5daab824adaa8e3625a4132fd8803c97d00ca9a13
fuse-devel-2.9.2-11.el7.aarch64.rpm	SHA-256: 44a15d85ed026fa832148fe594ebb30d47e484e4a8bc18a5bda03ec4e1e991c2
fuse-libs-2.9.2-11.el7.aarch64.rpm	SHA-256: 3e18a48cf9bb406932cc593d626cf0df4e9497362afcedd2042131c6496254f1

Red Hat Enterprise Linux for Power 9 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
ppc64le
fuse-2.9.2-11.el7.ppc64le.rpm	SHA-256: 7d2c978f933222f596ba054bac72fd9da8e72201be4f1adcbcd600b1295dd3bd
fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm	SHA-256: 4422931ef6b8db4ec81b95d56bcf57174da9681305daeee0d554f0030cf2d48b
fuse-devel-2.9.2-11.el7.ppc64le.rpm	SHA-256: 392b4a167263ad08fc8c43b3cca0cb6fdbcd65eb4623c099d5df1d3249780726
fuse-libs-2.9.2-11.el7.ppc64le.rpm	SHA-256: 49f9d851701b80692a544e2113fabc0d15010341582270cd5b62015f7a1c8a90

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
s390x
fuse-2.9.2-11.el7.s390x.rpm	SHA-256: a61ffa251119a127d0f4dabb8d5d0979b60ea02c09e5136db5725e418d24e8d0
fuse-debuginfo-2.9.2-11.el7.s390.rpm	SHA-256: 5e1c8145835c6bbbdced5ad0d01622291edf10b5b3a42a4da0a28597db3ed17d
fuse-debuginfo-2.9.2-11.el7.s390x.rpm	SHA-256: 0ed894e9c5b7596b092dc8f2ec46f569828c10458691ef5c2ce80fbaf45956c1
fuse-devel-2.9.2-11.el7.s390.rpm	SHA-256: 02dac46a09eb780c1d1ce2958d634949253e27facae269451b1f95539a014310
fuse-devel-2.9.2-11.el7.s390x.rpm	SHA-256: 452010a2cb906a07b797883c0bb661cb590a8f453c59a27592f6b3e52b37b070
fuse-libs-2.9.2-11.el7.s390.rpm	SHA-256: 52d94b346f138235b495373d712f614c7a8a206c88b60b62b8adc78cb9902df8
fuse-libs-2.9.2-11.el7.s390x.rpm	SHA-256: 896b794b7e22653b12919f4fd3458f2c86ecc0ad6c7f818468f836aee4df716d

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
ppc64
fuse-2.9.2-11.el7.ppc64.rpm	SHA-256: 4d62c048b85a0954bc41c1d0057c4f5057efdacff6501518809c970fc7982cc2
fuse-debuginfo-2.9.2-11.el7.ppc.rpm	SHA-256: d448ca67e0d7f560860afc67ec5a579e701e96906740209ef99dee5b7f298a94
fuse-debuginfo-2.9.2-11.el7.ppc64.rpm	SHA-256: 9f1d7a6f1efcc02257d23c8da2648b1d48501d32cb41cb9229e125f80a50c493
fuse-devel-2.9.2-11.el7.ppc.rpm	SHA-256: d1d103784636c42f3132c91adb9d55e5fcb5956459b9a2de4a9443419c72d8d0
fuse-devel-2.9.2-11.el7.ppc64.rpm	SHA-256: 8ee86cb44c3b0f460097f1003374ea5f51b6b4a263a89f05aaecfa97e780cfc8
fuse-libs-2.9.2-11.el7.ppc.rpm	SHA-256: 5ad9ab4d0aa9737020e572e66357db18ce1e8e888fe275ba3e7e354919259497
fuse-libs-2.9.2-11.el7.ppc64.rpm	SHA-256: f2ea87c5d361a1fd0cf0a36cc01a6e586a1e70228cb9f79e55c6e08a8a76e8ed

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
fuse-2.9.2-11.el7.src.rpm	SHA-256: 1ac3d1d68bb05857684943a610330727f01c7265ef7a3c9c861c04bbdb44569f
ppc64le
fuse-2.9.2-11.el7.ppc64le.rpm	SHA-256: 7d2c978f933222f596ba054bac72fd9da8e72201be4f1adcbcd600b1295dd3bd
fuse-debuginfo-2.9.2-11.el7.ppc64le.rpm	SHA-256: 4422931ef6b8db4ec81b95d56bcf57174da9681305daeee0d554f0030cf2d48b
fuse-devel-2.9.2-11.el7.ppc64le.rpm	SHA-256: 392b4a167263ad08fc8c43b3cca0cb6fdbcd65eb4623c099d5df1d3249780726
fuse-libs-2.9.2-11.el7.ppc64le.rpm	SHA-256: 49f9d851701b80692a544e2113fabc0d15010341582270cd5b62015f7a1c8a90

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation