Mailinglist Archive: opensuse-updates (102 mails)

< Previous Next >
openSUSE-SU-2014:0388-1: moderate: udisks2: fixed buffer overflow in mountpoint parsing
openSUSE Security Update: udisks2: fixed buffer overflow in mountpoint
parsing
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0388-1
Rating: moderate
References: #865854
Cross-References: CVE-2014-0004
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


udisks2 was updated to fix a buffer overflow in mount path
parsing. If users have the possibility to create very long
mount points, such as with FUSE, they could cause udisksd
to crash, or even to run arbitrary code as root with
specially crafted mount paths. (bnc#865854, CVE-2014-0004)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-220

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-220

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

libudisks2-0-2.1.1-2.4.1
libudisks2-0-debuginfo-2.1.1-2.4.1
typelib-1_0-UDisks-2_0-2.1.1-2.4.1
udisks2-2.1.1-2.4.1
udisks2-debuginfo-2.1.1-2.4.1
udisks2-debugsource-2.1.1-2.4.1
udisks2-devel-2.1.1-2.4.1

- openSUSE 13.1 (noarch):

udisks2-lang-2.1.1-2.4.1

- openSUSE 12.3 (i586 x86_64):

libudisks2-0-2.0.0-5.8.1
libudisks2-0-debuginfo-2.0.0-5.8.1
typelib-1_0-UDisks-2_0-2.0.0-5.8.1
udisks2-2.0.0-5.8.1
udisks2-debuginfo-2.0.0-5.8.1
udisks2-debugsource-2.0.0-5.8.1
udisks2-devel-2.0.0-5.8.1

- openSUSE 12.3 (noarch):

udisks2-lang-2.0.0-5.8.1


References:

http://support.novell.com/security/cve/CVE-2014-0004.html
https://bugzilla.novell.com/865854


< Previous Next >
This Thread
  • No further messages