Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 827863 (CVE-2021-3802)

Summary: <sys-fs/udisks-2.9.4: Denial of service (CVE-2021-3802)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: freedesktop-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 828407    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-29 23:06:31 UTC 
Description:
"Several user-accessible mount helpers use insecure defaults which allow
ext2/3/4 file systems to cause a denial of service (kernel panic) upon mounting a
crafted image.  This is especially relevant when mounts can be caused by
unprivileged users or are configured to happen automatically and completely
unauthorized."

Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt

Fixed in 2.9.4.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-20 18:27:33 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3a44ae812a379a33f99bd0f7f474b6e37ced1d4

commit b3a44ae812a379a33f99bd0f7f474b6e37ced1d4
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-05-20 18:26:56 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-05-20 18:27:23 +0000

    sys-fs/udisks: drop 2.9.3
    
    Bug: https://bugs.gentoo.org/827863
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 sys-fs/udisks/Manifest            |   1 -
 sys-fs/udisks/udisks-2.9.3.ebuild | 135 --------------------------------------
 2 files changed, 136 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-21 00:28:40 UTC 
Thanks!