openSUSE-SU-2014:0389-1: moderate: udisks: fixed a buffer overflow
openSUSE Security Update: udisks: fixed a buffer overflow
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0389-1
Rating:             moderate
References:         #865854
Cross-References:   CVE-2014-0004
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

udisks was updated to fix a buffer overflow in mount path parsing. If
users have the possibility to create very long mount points, such as
with FUSE, they could cause udisksd to crash, or even to run arbitrary
code as root with specially crafted mount paths. (bnc#865854,
CVE-2014-0004)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

  zypper in -t patch openSUSE-2014-219

- openSUSE 12.3:

  zypper in -t patch openSUSE-2014-219

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):

  udisks-1.0.4-13.4.1
  udisks-debuginfo-1.0.4-13.4.1
  udisks-debugsource-1.0.4-13.4.1
  udisks-devel-1.0.4-13.4.1

- openSUSE 12.3 (i586 x86_64):

  udisks-1.0.4-11.4.1
  udisks-debuginfo-1.0.4-11.4.1
  udisks-debugsource-1.0.4-11.4.1
  udisks-devel-1.0.4-11.4.1

References:

http://support.novell.com/security/cve/CVE-2014-0004.html
https://bugzilla.novell.com/865854
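
Added example, not part of the openSUSE announcement: a shell check that compares an installed udisks version-release against the fixed builds in the Package List above. The function names are hypothetical, and GNU "sort -V" is assumed as an approximation of RPM version ordering, which is adequate for these numeric version strings.

```shell
#!/bin/sh
# Added example (not from the advisory). Fixed udisks version-release per
# product, copied from the Package List of openSUSE-SU-2014:0389-1.
fixed_version() {
    case "$1" in
        13.1) echo "1.0.4-13.4.1" ;;
        12.3) echo "1.0.4-11.4.1" ;;
        *)    return 1 ;;
    esac
}

# udisks_status PRODUCT INSTALLED_VERSION_RELEASE
# Prints "patched", "vulnerable" or "unknown-product".
udisks_status() {
    fixed=$(fixed_version "$1") || { echo "unknown-product"; return 0; }
    # Assumption: sort -V (GNU coreutils) orders these strings the way RPM
    # would. The lower of the two sorts first; if that is the fixed build,
    # the installed build is equal or newer.
    lowest=$(printf '%s\n%s\n' "$fixed" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On a real host: pass the product (13.1 or 12.3) as the only argument.
if [ "$#" -eq 1 ]; then
    if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' udisks 2>/dev/null); then
        echo "udisks $installed: $(udisks_status "$1" "$installed")"
    else
        echo "udisks is not installed"
    fi
fi
```

A "vulnerable" result means the patch openSUSE-2014-219 named in the Patch Instructions has not been applied to that host.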