CentOS Errata and Security Advisory CESA-2014:0293

The udisks package provides a daemon, a D-Bus API, and command line
utilities for managing disks and storage devices.

A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)

This issue was discovered by Florian Weimer of the Red Hat Product
Security Team.

All udisks users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-March/082362.html

Affected packages:
udisks
udisks-devel
udisks-devel-docs

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0293

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | udisks | < 1.0.1-7.el6_5 | udisks-1.0.1-7.el6_5.i686.rpm |
CentOS | 6 | i686 | udisks-devel | < 1.0.1-7.el6_5 | udisks-devel-1.0.1-7.el6_5.i686.rpm |
CentOS | 6 | noarch | udisks-devel-docs | < 1.0.1-7.el6_5 | udisks-devel-docs-1.0.1-7.el6_5.noarch.rpm |
CentOS | 6 | x86_64 | udisks | < 1.0.1-7.el6_5 | udisks-1.0.1-7.el6_5.x86_64.rpm |
CentOS | 6 | x86_64 | udisks-devel | < 1.0.1-7.el6_5 | udisks-devel-1.0.1-7.el6_5.x86_64.rpm |
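
To check hosts against the fixed build listed in the table, the following added example (not part of the advisory or of any CentOS tooling) compares installed version-release strings using rpm's segment-wise ordering. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, packages without an epoch, and no tilde in versions; the function names and the sample input are constructed for illustration.

```python
import re

# Fixed version-release and package names, taken from the advisory table.
FIXED_VR = "1.0.1-7.el6_5"
AFFECTED = {"udisks", "udisks-devel", "udisks-devel-docs"}


def rpmvercmp(a, b):
    """Compare two version or release strings with rpm's segment rules."""
    # Maximal runs of digits or letters are segments; anything else separates.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, then release."""
    av, _, ar = a.rpartition("-")
    bv, _, br = b.rpartition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def vulnerable_packages(query_output):
    """Return (name, version-release) pairs older than the fixed build."""
    hits = []
    for line in query_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in AFFECTED:
            if vr_cmp(fields[1], FIXED_VR) < 0:
                hits.append((fields[0], fields[1]))
    return hits


# Constructed sample of the query output, not taken from a real host.
SAMPLE = """\
udisks 1.0.1-4.el6
udisks-devel 1.0.1-7.el6_5
udisks-devel-docs 1.0.1-7.el6
bash 4.1.2-15.el6_5.2
"""

if __name__ == "__main__":
    for name, vr in vulnerable_packages(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}: update required")
```

A plain string comparison would misorder releases such as `7.el6` and `7.el6_5`, which is why the segment rules are used here.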