14 DAY TRIAL // Canonical has published details about a FUSE vulnerability in its Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems. This is not a major issue, but that's not a reason not to upgrade.
The FUSE package maintainers for Ubuntu have upgraded the library, and now a new patch is available through the regular channels. It looks like FUSE could have been made to overwrite files as the administrator.
According to the security notice, "Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges."
For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest fuse packages specific to each distribution. To apply the patch, run the Update Manager application.
If you don't want to use the Software Updater, you can do this from a terminal. Open a terminal and enter the following commands:
sudo apt-get dist-upgrade