Description: | The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices.
A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon (root). (CVE-2014-0004)
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
|