Hello all, Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root). This has been assigned CVE-2014-0004.
This has been fixed in udisks 2.1.3. I also did a new 1.0.5 release for udisks 1 with that fix backported, as udisks 1 is still around in supported Linux distribution releases.

------------
udisks 2.1.3
------------

http://udisks.freedesktop.org/releases/udisks-2.1.3.tar.bz2
sha1sum: 093dc9a32752b63819e5d6856a8b0e3ba6d6d902

The udisks project provides a daemon, tools and libraries to access and manipulate disks and storage devices.

This version fixes a security vulnerability (CVE-2014-0004), so please update as soon as possible!

Changes since udisks 2.1.2:

David Zeuthen (4):
      Identify SD Card Reader in ChromeBook Pixel
      Send SCSI START STOP UNIT when powering down a drive
      udisksctl: add power-off verb to power off drives
      udisksctl: fix grammar

Marius Vollmer (1):
      Prefer /dev/VG/LV for LVM2 volumes.

Martin Pitt (2):
      Fix buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths. [CVE-2014-0004]

Peter Paluch (1):
      Use SECTOR_COUNT=1 when issuing ATA IDENTIFY COMMAND

Tomas Bzatek (3):
      Use reentrant version of getpwuid() for thread safety
      udisks_daemon_util_get_caller_uid_sync(): Add missing goto
      Fix crash when loop-deleting non-loop device

Thanks to all our contributors.

Martin Pitt
March 10, 2014

------------
udisks 1.0.5
------------

http://hal.freedesktop.org/releases/udisks-1.0.5.tar.gz
sha1sum: cdc254579a32a6c7b9e94758bb55d544bb807bf5

udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices.

All releases in the udisks 1.0 series will retain ABI compatibility at the D-Bus interface level. This means that any application built against udisks 1.0.x will work with udisks 1.0.y provided that y >= x. At this point we do not provide any ABI guarantees for the udisks(1) command-line tool (neither options nor the name). See the README file for more discussion of ABI guarantees.

This version fixes a security vulnerability (CVE-2014-0004), so please update as soon as possible!

Changes from udisks 1.0.4:

Brice De Bruyne (1):
      Fix segfault and detection for SATA-II RAID controller

David Zeuthen (2):
      udisks-daemon: Add --no-debug option and use this for D-Bus activation
      Bug 51439 – udisks should hide lvm PVs

Edward Sheldrake (1):
      Fix power/level deprecation kernel warning

Martin Pitt (9):
      Fix buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths. [CVE-2014-0004]
      tests/run: Fix crash if first hard disk is not SMART capable
      Add some safe and useful ntfs-3g allowed mount options
      Drop deprecated g_io_channel_seek()
      test suite: Fix test_swap to not expect successful fsck
      test suite: Fix test_reiserfs for current reiserfsprogs
      Bug 48173 — Ignore add/change events for a nonexisting native path
      Mark rts_bpp devices as SD card readers

Tom Gundersen (1):
      add systemd service file and dbus activation to the udisks1 branch

Thanks to all our contributors.

Martin Pitt
March 10, 2014

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
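The bug class behind CVE-2014-0004 is a mount-path parser that copies the mount point field into a fixed-size buffer without checking its length. The following is an added illustration, not udisks code and not the actual upstream fix: a parser for a /proc/self/mountinfo-style line that rejects a mount point longer than its destination buffer instead of writing past it. The line format, buffer size and sample lines are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest mount point we are willing to store (matches PATH_MAX on Linux). */
#define MOUNT_PATH_MAX 4096

/* Extract the mount point (5th whitespace-separated field) from one
 * /proc/self/mountinfo-style line into `out` (capacity `out_size`).
 * Returns 0 on success, -1 if the line is malformed or the mount point
 * would not fit; the caller's buffer is never written past its end. */
int parse_mount_point(const char *line, char *out, size_t out_size)
{
    const char *p = line;
    for (int field = 0; field < 4; field++) {   /* skip id, parent, maj:min, root */
        p = strchr(p, ' ');
        if (p == NULL)
            return -1;                           /* malformed: too few fields */
        p++;
    }
    const char *end = strchr(p, ' ');
    size_t len = end ? (size_t)(end - p) : strlen(p);
    /* Length check before the copy: an overlong path is an error, not an overflow. */
    if (len == 0 || len >= out_size)
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char mount[MOUNT_PATH_MAX];
    /* Constructed sample line in mountinfo format. */
    const char *ok = "36 24 0:32 / /mnt/usb rw,relatime - vfat /dev/sdb1 rw";
    int rc = parse_mount_point(ok, mount, sizeof mount);
    printf("normal line: rc=%d mount=%s\n", rc, rc == 0 ? mount : "(none)");

    /* Constructed line whose mount point exceeds MOUNT_PATH_MAX, the kind of
     * input an unprivileged FUSE user could produce; it must be refused. */
    const char *prefix = "37 24 0:33 / /";
    size_t plen = MOUNT_PATH_MAX + 100;
    char *line = malloc(strlen(prefix) + plen + 32);
    strcpy(line, prefix);
    memset(line + strlen(prefix), 'a', plen);
    strcpy(line + strlen(prefix) + plen, " rw - fuse fuse rw");
    printf("overlong line: rc=%d\n", parse_mount_point(line, mount, sizeof mount));
    free(line);
    return 0;
}
```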
devkit-devel mailing list
devkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/devkit-devel