Explore top 10 tips to secure your open-source projects now. Read More
×
Rebase to latest upstream release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8847e1e2c 2026-03-13 00:15:54.963665+00:00 -------------------------------------------------------------------------------- Name : udisks2 Product : Fedora 44 Version : 2.11.1 Release : 1.fc44 URL : https://github.com/storaged-project/udisks Summary : Disk Manager Description : The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. -------------------------------------------------------------------------------- Update Information: Rebase to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 25 2026 Tomas Bzatek - 2.11.1-1 - Version 2.11.1 (#2442584,#2442588) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442584 - CVE-2026-26103 udisks2: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442584 [ 2 ] Bug #2442588 - CVE-2026-26104 udisks2: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442588 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8847e1e2c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-3476 http://linux.oracle.com/errata/ELSA-2026-3476.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: libudisks2-2.10.90-6.0.1.el10_1.1.x86_64.rpm libudisks2-devel-2.10.90-6.0.1.el10_1.1.x86_64.rpm udisks2-2.10.90-6.0.1.el10_1.1.x86_64.rpm udisks2-iscsi-2.10.90-6.0.1.el10_1.1.x86_64.rpm udisks2-lsm-2.10.90-6.0.1.el10_1.1.x86_64.rpm udisks2-lvm2-2.10.90-6.0.1.el10_1.1.x86_64.rpm aarch64: libudisks2-2.10.90-6.0.1.el10_1.1.aarch64.rpm libudisks2-devel-2.10.90-6.0.1.el10_1.1.aarch64.rpm udisks2-2.10.90-6.0.1.el10_1.1.aarch64.rpm udisks2-iscsi-2.10.90-6.0.1.el10_1.1.aarch64.rpm udisks2-lsm-2.10.90-6.0.1.el10_1.1.aarch64.rpm udisks2-lvm2-2.10.90-6.0.1.el10_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/udisks2-2.10.90-6.0.1.el10_1.1.src.rpm Related CVEs: CVE-2026-26103 CVE-2026-26104 Description of changes: [2.10.90-6.0.1.el10_1.1] - Enable btrfs support for OL supported arches [Orabug: 37464632] [2.10.90-6.1] - Add missing polkit check for RestoreEncryptedHeader() (CVE-2026-26103) (RHEL-148565) - Add missing polkit check for HeaderBackup() (CVE-2026-26104) (RHEL-148588) _______________________________________________ El-errata mailing list
Important: udisks2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3476", "synopsis": "Important: udisks2 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for udisks2.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.\n\nSecurity Fix(es):\n\n* udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104)\n\n* udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API (CVE-2026-26103)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2433719", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2433719", "description": ""}, {"ticket": "2433717", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2433717", "description": ""}], "cves": [{"name": "CVE-2026-26103", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26103", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss3BaseScore": "7.1", "cwe": "CWE-862"}, {"name": "CVE-2026-26104", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26104", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-862"}], "references": [], "publishedAt": "2026-03-05T09:12:24.748134Z", "rpms": {"Rocky Linux 10": {"nvras": ["udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm","udisks2-lsm-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.x86_64.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-0:2.10.90-6.el10_1.1.src.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm","udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical udisks2 security update for Rocky Linux 10 addressing authorization issues. Ensure system integrity and protect data.. Rocky Linux, udisks2, security, important update, backdoor. . Severity: Important. LinuxSecurity.com Team
Rebase to latest upstream release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c6d7c9de1d 2026-02-27 00:52:14.662444+00:00 -------------------------------------------------------------------------------- Name : udisks2 Product : Fedora 43 Version : 2.11.1 Release : 1.fc43 URL : https://github.com/storaged-project/udisks Summary : Disk Manager Description : The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. -------------------------------------------------------------------------------- Update Information: Rebase to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 25 2026 Tomas Bzatek - 2.11.1-1 - Version 2.11.1 (#2442584,#2442588) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442584 - CVE-2026-26103 udisks2: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442584 [ 2 ] Bug #2442588 - CVE-2026-26104 udisks2: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442588 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c6d7c9de1d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # Security update for udisks2 Announcement ID: SUSE-SU-2026:20213-1 Release Date: 2026-01-30T14:30:57Z Rating: moderate References: * bsc#1248502 Cross-References: * CVE-2025-8067 CVSS scores: * CVE-2025-8067 ( SUSE ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2025-8067 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for udisks2 fixes the following issues: * CVE-2025-8067: Fixed a missing bounds check that could lead to out-of-bounds read in udisks daemon (bsc#1248502). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-226=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-226=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libudisks2-0_btrfs-debuginfo-2.10.1-160000.3.1 * libudisks2-0_lvm2-debuginfo-2.10.1-160000.3.1 * libudisks2-0_lvm2-2.10.1-160000.3.1 * libudisks2-0_btrfs-2.10.1-160000.3.1 * typelib-1_0-UDisks-2_0-2.10.1-160000.3.1 * udisks2-debuginfo-2.10.1-160000.3.1 * libudisks2-0-devel-2.10.1-160000.3.1 * udisks2-2.10.1-160000.3.1 * libudisks2-0_lsm-2.10.1-160000.3.1 * udisks2-debugsource-2.10.1-160000.3.1 * libudisks2-0_lsm-debuginfo-2.10.1-160000.3.1 * libudisks2-0-debuginfo-2.10.1-160000.3.1 * libudisks2-0-2.10.1-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * udisks2-zsh-completion-2.10.1-160000.3.1 * udisks2-lang-2.10.1-160000.3.1 *udisks2-docs-2.10.1-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * libudisks2-0_btrfs-debuginfo-2.10.1-160000.3.1 * libudisks2-0_lvm2-debuginfo-2.10.1-160000.3.1 * libudisks2-0_lvm2-2.10.1-160000.3.1 * libudisks2-0_btrfs-2.10.1-160000.3.1 * typelib-1_0-UDisks-2_0-2.10.1-160000.3.1 * udisks2-debuginfo-2.10.1-160000.3.1 * libudisks2-0-devel-2.10.1-160000.3.1 * udisks2-2.10.1-160000.3.1 * libudisks2-0_lsm-2.10.1-160000.3.1 * udisks2-debugsource-2.10.1-160000.3.1 * libudisks2-0_lsm-debuginfo-2.10.1-160000.3.1 * libudisks2-0-debuginfo-2.10.1-160000.3.1 * libudisks2-0-2.10.1-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * udisks2-zsh-completion-2.10.1-160000.3.1 * udisks2-lang-2.10.1-160000.3.1 * udisks2-docs-2.10.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8067.html * https://bugzilla.suse.com/show_bug.cgi?id=1248502 . SUSE provides a moderate security advisory for udisks2, addressing an out-of-bounds issue with CVE-2025-8067.. SUSE Security Advisory, udisks2 Update, Moderate Severity Fix, Linux Security Update. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for udisks2 Announcement ID: SUSE-SU-2026:20206-1 Release Date: 2026-01-30T14:28:06Z Rating: moderate References: * bsc#1248502 Cross-References: * CVE-2025-8067 CVSS scores: * CVE-2025-8067 ( SUSE ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2025-8067 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for udisks2 fixes the following issues: * CVE-2025-8067: Fixed a missing bounds check that could lead to out-of-bounds read in udisks daemon (bsc#1248502). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-226=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libudisks2-0_btrfs-2.10.1-160000.3.1 * libudisks2-0-2.10.1-160000.3.1 * libudisks2-0_lvm2-2.10.1-160000.3.1 * libudisks2-0_lvm2-debuginfo-2.10.1-160000.3.1 * udisks2-debuginfo-2.10.1-160000.3.1 * udisks2-2.10.1-160000.3.1 * libudisks2-0-debuginfo-2.10.1-160000.3.1 * udisks2-debugsource-2.10.1-160000.3.1 * libudisks2-0_btrfs-debuginfo-2.10.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8067.html * https://bugzilla.suse.com/show_bug.cgi?id=1248502 . SUSE has released a moderate security advisory for udisks2, addressing CVE-2025-8067 with critical patch instructions. Secure your systems!. SUSE Update, udisks2 Security Patch, CVE-2025-8067, Linux Security Update. . LinuxSecurity.com Team
* bsc#1248502 Cross-References: * CVE-2025-8067 . # Security update for udisks2 Announcement ID: SUSE-SU-2025:20801-1 Release Date: 2025-09-26T09:12:30Z Rating: important References: * bsc#1248502 Cross-References: * CVE-2025-8067 CVSS scores: * CVE-2025-8067 ( SUSE ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H * CVE-2025-8067 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for udisks2 fixes the following issues: * CVE-2025-8067: Fixed missing bounds check that could lead to out-of-bounds read in udisks daemon (bsc#1248502) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-287=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libudisks2-0-2.9.4-slfo.1.1_2.1 * libudisks2-0_btrfs-debuginfo-2.9.4-slfo.1.1_2.1 * libudisks2-0_btrfs-2.9.4-slfo.1.1_2.1 * udisks2-2.9.4-slfo.1.1_2.1 * udisks2-debuginfo-2.9.4-slfo.1.1_2.1 * libudisks2-0_lvm2-debuginfo-2.9.4-slfo.1.1_2.1 * libudisks2-0-debuginfo-2.9.4-slfo.1.1_2.1 * udisks2-debugsource-2.9.4-slfo.1.1_2.1 * libudisks2-0_lvm2-2.9.4-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8067.html * https://bugzilla.suse.com/show_bug.cgi?id=1248502 . SUSE's security advisory fixes udisks2 with CVE-2025-8067, addressing an important issue with potential out-of-bounds access.. SUSE Linux Micro, udisks2, important update, out of bounds access, security advisory. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-16130 http://linux.oracle.com/errata/ELSA-2025-16130.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libudisks2-2.8.4-1.0.1.el7.i686.rpm libudisks2-2.8.4-1.0.1.el7.x86_64.rpm libudisks2-devel-2.8.4-1.0.1.el7.i686.rpm libudisks2-devel-2.8.4-1.0.1.el7.x86_64.rpm udisks2-2.8.4-1.0.1.el7.x86_64.rpm udisks2-iscsi-2.8.4-1.0.1.el7.x86_64.rpm udisks2-lsm-2.8.4-1.0.1.el7.x86_64.rpm udisks2-lvm2-2.8.4-1.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/udisks2-2.8.4-1.0.1.el7.src.rpm Related CVEs: CVE-2025-8067 Description of changes: [2.8.4-1.0.1] - Fix index underflow in LoopSetup (CVE-2025-8067) [Orabug: 38444282] _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.