SCIENTIFIC-LINUX-ERRATA Archives

March 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: udisks on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 13 Mar 2014 20:10:37 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (30 lines) 
Synopsis:          Important: udisks security update
Advisory ID:       SLSA-2014:0293-1
Issue Date:        2014-03-13
CVE Numbers:       CVE-2014-0004
--

A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)

--

SL6
  x86_64
    udisks-1.0.1-7.el6_5.x86_64.rpm
    udisks-debuginfo-1.0.1-7.el6_5.x86_64.rpm
    udisks-debuginfo-1.0.1-7.el6_5.i686.rpm
    udisks-devel-1.0.1-7.el6_5.i686.rpm
    udisks-devel-1.0.1-7.el6_5.x86_64.rpm
  i386
    udisks-1.0.1-7.el6_5.i686.rpm
    udisks-debuginfo-1.0.1-7.el6_5.i686.rpm
    udisks-devel-1.0.1-7.el6_5.i686.rpm
  noarch
    udisks-devel-docs-1.0.1-7.el6_5.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2