Oval Definition: oval:com.redhat.rhsa:def:20140293
Revision Date: 2014-03-13
Version: 637
Title: RHSA-2014:0293: udisks security update (Important)
Description: The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices.

  • A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon (root). (CVE-2014-0004)

    This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

    All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2014-0004, RHSA-2014:0293, RHSA-2014:0293-00, RHSA-2014:0293-01
    Platform(s): Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • udisks is earlier than 0:1.0.1-7.el6_5
  • AND udisks is signed with Red Hat redhatrelease2 key
  • udisks-devel is earlier than 0:1.0.1-7.el6_5
  • AND udisks-devel is signed with Red Hat redhatrelease2 key
  • udisks-devel-docs is earlier than 0:1.0.1-7.el6_5
  • AND udisks-devel-docs is signed with Red Hat redhatrelease2 key