RHSA-2014:0293-01 -- Redhat udisks
ID: oval:org.secpod.oval:def:501204 | Date: (C)2014-03-21 (M)2023-07-28 |
Class: PATCH | Family: unix |
The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon. This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Platform: Red Hat Enterprise Linux 6 |