Tuesday, March 11, 2014

Security Updates: udisks, udisks2

Two security updates were released today, and both came from the same project: udisks and udisks2. They share the same CVE entries, meaning both are vulnerable to the same bugs. The updates apply to Slackware 14.0 and newer.

Here is the description found in the ChangeLog:
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).