Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Scientific Linux: SLSA-2014:0293-1 Important: Udisks Buffer Overflow Risk

Scientific Large Esm H446
Important: udisks security update
Date: Thu, 13 Mar 2014 20:10:37 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: udisks on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: udisks security update
Advisory ID: SLSA-2014:0293-1
Issue Date: 2014-03-13
CVE Numbers: CVE-2014-0004
--

A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)

--

SL6
 x86_64
 udisks-1.0.1-7.el6_5.x86_64.rpm
 udisks-debuginfo-1.0.1-7.el6_5.x86_64.rpm
 udisks-debuginfo-1.0.1-7.el6_5.i686.rpm
 udisks-devel-1.0.1-7.el6_5.i686.rpm
 udisks-devel-1.0.1-7.el6_5.x86_64.rpm
 i386
 udisks-1.0.1-7.el6_5.i686.rpm
 udisks-debuginfo-1.0.1-7.el6_5.i686.rpm
 udisks-devel-1.0.1-7.el6_5.i686.rpm
 noarch
 udisks-devel-docs-1.0.1-7.el6_5.noarch.rpm

- Scientific Linux Development Team