[Bug 1288226] Re: buffer overflow with long path names

Launchpad Bug Tracker 1288226 at bugs.launchpad.net
Mon Mar 10 17:10:38 UTC 2014 

This bug was fixed in the package udisks - 1.0.5-1

---------------
udisks (1.0.5-1) unstable; urgency=high


  * New upstream security/bug fix release. Fixes buffer overflow in mount path
    parsing. (CVE-2014-0004, LP: #1288226)
  * Drop 00git_fix_smart_test.patch, 00git_rts_bpp_sdcard.patch: contained in
    this upstream release.
  * Replace Debian specific systemd integration with upstream's:
    - Drop 11-systemd-service.patch and udisks.service.
    - debian/rules: Configure with --with-systemdsystemunitdir.
    - debian/udisks.install: Adjust .service path.
  * Use dh-autoreconf to update config.{sub,guess} for new ports.
    Thanks Dann Frazier. (LP: #1235051)
  * Add 15-dont-watch-lvm.patch: Stop udev-watching devmapper devices. It is
    not necessary any more with current kernels/LVM and breaks removal of
    snapshots. (Closes: #721303)

 -- Martin Pitt <mpitt at debian.org>  Mon, 10 Mar 2014 11:09:46 +0100

** Changed in: udisks (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to udisks in Ubuntu.
https://bugs.launchpad.net/bugs/1288226

Title:
  buffer overflow with long path names

Status in “udisks” package in Ubuntu:
  Fix Released
Status in “udisks2” package in Ubuntu:
  Fix Committed
Status in “udisks” source package in Lucid:
  Won't Fix
Status in “udisks” source package in Precise:
  Fix Released
Status in “udisks” source package in Quantal:
  Fix Released
Status in “udisks2” source package in Quantal:
  Fix Released
Status in “udisks” source package in Saucy:
  Fix Released
Status in “udisks2” source package in Saucy:
  Fix Released
Status in “udisks” source package in Trusty:
  Fix Released
Status in “udisks2” source package in Trusty:
  Fix Committed

Bug description:
  EMBARGOED until 2014-03-10
  PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

  Florian Weimer of the Red Hat Product Security Team found a flaw in
  the way udisks and udisks2 handled long path names. A malicious, local
  user could use this flaw to create a specially-crafted directory
  structure that could lead to arbitrary code execution with the
  privileges of the udisks daemon (root).

  Huzaifa Sidhpurwala created a proposed patch. I don't like the
  changing from PATH_MAX to 4096, but it looks good otherwise.

  I'll handle the upstream bits, Debian and Ubuntu trusty updates and
  discuss the PATH_MAX issue.

  Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
  Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471

  Debian stable updates debdiffs: http://people.debian.org/~mpitt/tmp
  /udisks-CVE-2014-0004/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+subscriptions

More information about the foundations-bugs mailing list