udisks 2.1.3 / 1.0.5 security updates

Martin Pitt martin.pitt at ubuntu.com
Mon Mar 10 02:27:28 PDT 2014


Hello all,

Florian Weimer of the Red Hat Product Security Team found a flaw in
the way udisks and udisks2 handled long path names. A malicious, local
user could use this flaw to create a specially-crafted directory
structure that could lead to arbitrary code execution with the
privileges of the udisks daemon (root). This has been assigned
CVE-2014-0004.

This has been fixed in udisks 2.1.3. I also did a new 1.0.5 release
for udisks 1 with that fix backported, as udisks 1 is still around in
supported Linux distribution releases.
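For readers who want to see the class of bug behind CVE-2014-0004 and the shape of its fix, here is a constructed illustration (added here, not udisks code): a bounded parser that pulls the mount point out of a /proc/mounts-style line and refuses an overlong field instead of overrunning a fixed-size buffer. The field layout and the sample lines are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not the udisks implementation. Assumes a
 * /proc/mounts-style line "device mountpoint fstype options dump pass"
 * with single-space separators; real /proc/mounts escapes spaces inside
 * paths as \040, so a field never holds a literal space. */

/* Copies the mount point (field 2) into out. Returns 0 on success,
 * -1 if there is no second field, -2 if it would not fit in outlen bytes.
 * The overflow class fixed as CVE-2014-0004 arises when this length check
 * is absent, e.g. sscanf(line, "%s %s", dev, mnt) into fixed arrays:
 * "%s" has no width limit, so an overlong FUSE mount point overruns mnt. */
int parse_mount_point(const char *line, char *out, size_t outlen)
{
    const char *p = line;
    const char *start;
    size_t len;

    while (*p != '\0' && *p != ' ')        /* skip the device field */
        p++;
    if (*p != ' ')
        return -1;
    start = ++p;
    while (*p != '\0' && *p != ' ' && *p != '\n')
        p++;
    len = (size_t)(p - start);
    if (len == 0)
        return -1;
    if (len + 1 > outlen)                  /* reject instead of overflowing */
        return -2;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char mnt[64] = "";
    char line[8192];
    size_t i;
    int r;

    /* constructed sample: an ordinary entry */
    r = parse_mount_point("/dev/sda1 /home ext4 rw,relatime 0 0", mnt, sizeof mnt);
    printf("%d -> %s\n", r, mnt);

    /* constructed sample: a FUSE mount whose path dwarfs the 64-byte buffer */
    strcpy(line, "fuse /");
    for (i = strlen(line); i < 3000; i++)
        line[i] = 'A';
    strcpy(line + i, " fuse rw 0 0");
    r = parse_mount_point(line, mnt, sizeof mnt);
    printf("%d (overlong mount point rejected)\n", r);
    return 0;
}
```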

------------
udisks 2.1.3
------------
  http://udisks.freedesktop.org/releases/udisks-2.1.3.tar.bz2
  sha1sum: 093dc9a32752b63819e5d6856a8b0e3ba6d6d902

The udisks project provides a daemon, tools and libraries to access
and manipulate disks and storage devices.

This version fixes a security vulnerability (CVE-2014-0004), so please update
as soon as possible!

Changes since udisks 2.1.2:

David Zeuthen (4):
      Identify SD Card Reader in ChromeBook Pixel
      Send SCSI START STOP UNIT when powering down a drive
      udisksctl: add power-off verb to power off drives
      udisksctl: fix grammar

Marius Vollmer (1):
      Prefer /dev/VG/LV for LVM2 volumes.

Martin Pitt (2):
      Fix buffer overflow in mount path parsing. If users have the possibility
      to create very long mount points, such as with FUSE, they could cause
      udisksd to crash, or even to run arbitrary code as root with specially
      crafted mount paths.  [CVE-2014-0004]

Peter Paluch (1):
      Use SECTOR_COUNT=1 when issuing ATA IDENTIFY COMMAND

Tomas Bzatek (3):
      Use reentrant version of getpwuid() for thread safety
      udisks_daemon_util_get_caller_uid_sync(): Add missing goto
      Fix crash when loop-deleting non-loop device

Thanks to all our contributors.

Martin Pitt
March 10, 2014


------------
udisks 1.0.5
------------

  http://hal.freedesktop.org/releases/udisks-1.0.5.tar.gz
  sha1sum: cdc254579a32a6c7b9e94758bb55d544bb807bf5

udisks provides a daemon, D-Bus API and command line tools
for managing disks and storage devices.

All releases in the udisks 1.0 series will retain ABI compatibility at
the D-Bus interface level. This means that any application built
against udisks 1.0.x will work with udisks 1.0.y provided that y >=
x. At this point we do not provide any ABI guarantees for the
udisks(1) command-line tool (neither options nor the name). See the
README file for more discussion of ABI guarantees.

This version fixes a security vulnerability (CVE-2014-0004), so please update
as soon as possible!

Changes from udisks 1.0.4:

Brice De Bruyne (1):
      Fix segfault and detection for SATA-II RAID controller

David Zeuthen (2):
      udisks-daemon: Add --no-debug option and use this for D-Bus activation
      Bug 51439 – udisks should hide lvm PVs

Edward Sheldrake (1):
      Fix power/level deprecation kernel warning

Martin Pitt (9):
      Fix buffer overflow in mount path parsing. If users have the possibility
      to create very long mount points, such as with FUSE, they could cause
      udisksd to crash, or even to run arbitrary code as root with specially
      crafted mount paths. [CVE-2014-0004]

      tests/run: Fix crash if first hard disk is not SMART capable
      Add some safe and useful ntfs-3g allowed mount options
      Drop deprecated g_io_channel_seek()
      test suite: Fix test_swap to not expect successful fsck
      test suite: Fix test_reiserfs for current reiserfsprogs
      Bug 48173 — Ignore add/change events for a nonexisting native path
      Mark rts_bpp devices as SD card readers

Tom Gundersen (1):
      add systemd service file and dbus activation to the udisks1 branch

Thanks to all our contributors.

Martin Pitt
March 10, 2014


-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)