home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.announce.security      Debian security announcements I think?      29 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 18 of 29   
   Salvatore Bonaccorso to All   
   [SECURITY] [DSA 5989-1] udisks2 security   
   28 Aug 25 21:00:01   
   
   From: carnil@debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   - -------------------------------------------------------------------------   
   Debian Security Advisory DSA-5989-1                   security@debian.org   
   https://www.debian.org/security/                     Salvatore Bonaccorso   
   August 28, 2025                       https://www.debian.org/security/faq   
   - -------------------------------------------------------------------------   
      
   Package        : udisks2   
   CVE ID         : CVE-2025-8067   
      
   Michael Imfeld discovered an out-of-bounds read vulnerability in   
   udisks2, a D-Bus service to access and manipulate storage devices, which   
   may result in denial of service (daemon process crash), or in mapping an   
   internal file descriptor from the daemon process onto a loop device,   
   resulting in local privilege escalation.   
      
   For the oldstable distribution (bookworm), this problem has been fixed   
   in version 2.9.4-4+deb12u2.   
      
   For the stable distribution (trixie), this problem has been fixed in   
   version 2.10.1-12.1+deb13u1.   
      
   We recommend that you upgrade your udisks2 packages.   
      
   For the detailed security status of udisks2 please refer to its security   
   tracker page at:   
   https://security-tracker.debian.org/tracker/udisks2   
      
   Further information about Debian Security Advisories, how to apply   
   these updates to your system and frequently asked questions can be   
   found at: https://www.debian.org/security/   
      
   Mailing list: debian-security-announce@lists.debian.org   
   -----BEGIN PGP SIGNATURE-----   
      
   iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmiwpQhfFIAAAAAALgAo   
   aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2   
   NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND   
   z0QQVBAAgvsfupJs+u21UNce4L4TQLmAQxWJUzxLdB4u422Y895K7+E3lS2+o6MB   
   XSGzfQX+tSrnoHlBYItU+574OYenNTTLYG03AL4caLxvVlixf9jOrEVdkAOQSllM   
   Nh2G72JE9CJsQmhtxDVrQmfrMQGs3pXPZViY1+IZ83ADwpzsj9pFbhcMM7d2DbxP   
   2hGvFT2fs7Suu0xMWpMVr4Z+6nYvAil5OUrjgLSm95iJoY2IcblXqRlOdtk6x4r5   
   Tu0srPBQT8wHjracKZgnjYldBLHjWE0B74qo3083Om7gAuDiLlOM16m0mSLIR/J7   
   gA7AM1fR6ft+O/nUt/bt8fjhtTTWyieRFmzklc/MCir2+AXzDhCNjLR2WojURm56   
   Zig/WfRU8FNuVbBlrIxRzjjlCo0q7FVXddC5x38B1xx2yn3sQtlJGaDwY7AsSwW2   
   L+VEGfp0WCyYJi4+VgmoOqg1YNuUrTJExzGgoJhjZMNiC58DMBWCbqz325H9QjrX   
   kcOqbcc1heSTRJO4QgD0cQjbqFsZvKiI6UkxhC3PJDFa0oP0K7NFbDhztYS/2gUC   
   fW7nPkCQTZ+1DfkT5kZYM0znY9UF1s3MDS8tvzzbR5NXaJ4IuRiuhRu8TlVZMX4j   
   AT+UfOurB7eMZD9wpUHNbNLriNcqWDipwvgxic2VViCrvJXMuHI=   
   =nG5/   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca