Mailinglist Archive: opensuse-updates (102 mails)

< Previous Next >
openSUSE-SU-2014:0390-1: moderate: udisks: fixed a buffer overflow
openSUSE Security Update: udisks: fixed a buffer overflow
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0390-1
Rating: moderate
References: #865854
Cross-References: CVE-2014-0004
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

udisks was updated to fix a buffer overflow in mount path
parsing.

If users have the possibility to create very long mount
points, such as with FUSE, they could cause udisksd to
crash, or even to run arbitrary code as root with specially
crafted mount paths.(bnc#865854, CVE-2014-0004)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2014-35

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

udisks-1.0.2-3.16.1
udisks-debuginfo-1.0.2-3.16.1
udisks-debugsource-1.0.2-3.16.1
udisks-devel-1.0.2-3.16.1


References:

http://support.novell.com/security/cve/CVE-2014-0004.html
https://bugzilla.novell.com/865854


< Previous Next >
This Thread
  • No further messages