| Summary: | <sys-fs/udisks-{1.0.5:0,2.1.3:2}: stack-based buffer overflow when handling long path names (CVE-2014-0004) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | freedesktop-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/03/10/1 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-03-10 16:04:14 UTC
Please test and stabilize:
=sys-fs/udisks-1.0.5 alpha amd64 arm ia64 ppc ppc64 sparc x86
=sys-fs/udisks-2.1.3 alpha amd64 arm ia64 ppc ppc64 sparc x86

amd64 stable

x86 stable

sparc stable

ppc stable

ia64 stable

alpha stable

arm stable

ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Created a new GLSA Request

Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

CVE-2014-0004 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0004): Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.

Cleanup done by ssuominen.

This issue was resolved and addressed in GLSA 201405-01 at http://security.gentoo.org/glsa/glsa-201405-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).