2014-03-05 12:26:00 |
Martin Pitt |
bug |
|
|
added bug |
2014-03-05 12:26:00 |
Martin Pitt |
attachment added |
|
original patch from Huzaifa Sidhpurwala https://bugs.launchpad.net/bugs/1288226/+attachment/4008237/+files/udisks.patch |
|
2014-03-05 12:26:19 |
Martin Pitt |
cve linked |
|
2014-0004 |
|
2014-03-05 12:26:39 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu) |
|
2014-03-05 12:26:58 |
Martin Pitt |
nominated for series |
|
Ubuntu Saucy |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu Saucy) |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks2 (Ubuntu Saucy) |
|
2014-03-05 12:26:58 |
Martin Pitt |
nominated for series |
|
Ubuntu Quantal |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu Quantal) |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks2 (Ubuntu Quantal) |
|
2014-03-05 12:26:58 |
Martin Pitt |
nominated for series |
|
Ubuntu Trusty |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu Trusty) |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks2 (Ubuntu Trusty) |
|
2014-03-05 12:26:58 |
Martin Pitt |
nominated for series |
|
Ubuntu Lucid |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu Lucid) |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks2 (Ubuntu Lucid) |
|
2014-03-05 12:26:58 |
Martin Pitt |
nominated for series |
|
Ubuntu Precise |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks (Ubuntu Precise) |
|
2014-03-05 12:26:58 |
Martin Pitt |
bug task added |
|
udisks2 (Ubuntu Precise) |
|
2014-03-05 12:27:16 |
Martin Pitt |
bug task deleted |
udisks2 (Ubuntu Lucid) |
|
|
2014-03-05 12:27:21 |
Martin Pitt |
bug task deleted |
udisks2 (Ubuntu Precise) |
|
|
2014-03-05 12:45:10 |
Marc Deslauriers |
udisks2 (Ubuntu Quantal): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:45:19 |
Marc Deslauriers |
udisks2 (Ubuntu Saucy): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:45:27 |
Marc Deslauriers |
udisks (Ubuntu Lucid): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:45:35 |
Marc Deslauriers |
udisks (Ubuntu Precise): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:45:43 |
Marc Deslauriers |
udisks (Ubuntu Quantal): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:45:51 |
Marc Deslauriers |
udisks (Ubuntu Saucy): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2014-03-05 12:47:06 |
Marc Deslauriers |
udisks (Ubuntu Lucid): status |
New |
Won't Fix |
|
2014-03-05 12:47:06 |
Marc Deslauriers |
udisks (Ubuntu Lucid): assignee |
Marc Deslauriers (mdeslaur) |
|
|
2014-03-05 13:21:34 |
Martin Pitt |
attachment added |
|
improved udisks2 patch https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008262/+files/udisks2.patch |
|
2014-03-05 13:21:58 |
Martin Pitt |
attachment added |
|
backported patch for udisks 1 https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008263/+files/udisks1.patch |
|
2014-03-05 13:22:10 |
Martin Pitt |
udisks (Ubuntu Trusty): importance |
Undecided |
Low |
|
2014-03-05 13:22:10 |
Martin Pitt |
udisks (Ubuntu Trusty): status |
New |
In Progress |
|
2014-03-05 13:22:10 |
Martin Pitt |
udisks (Ubuntu Trusty): assignee |
|
Martin Pitt (pitti) |
|
2014-03-05 13:22:23 |
Martin Pitt |
udisks2 (Ubuntu Trusty): status |
New |
In Progress |
|
2014-03-05 13:22:23 |
Martin Pitt |
udisks2 (Ubuntu Trusty): assignee |
|
Martin Pitt (pitti) |
|
2014-03-05 16:04:02 |
Martin Pitt |
attachment removed |
improved udisks2 patch https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008262/+files/udisks2.patch |
|
|
2014-03-05 16:04:15 |
Martin Pitt |
attachment removed |
backported patch for udisks 1 https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008263/+files/udisks1.patch |
|
|
2014-03-05 16:04:47 |
Martin Pitt |
attachment added |
|
improved udisks2 patch https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008467/+files/udisks2.patch |
|
2014-03-05 16:05:03 |
Martin Pitt |
attachment added |
|
fixed backported patch for udisks 1 https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008468/+files/udisks1.patch |
|
2014-03-10 09:28:34 |
Martin Pitt |
description |
EMBARGOED until 2014-03-10
Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).
Huzaifa Sidhpurwala created a proposed patch. I don't like the changing from PATH_MAX to 4096, but it looks good otherwise.
I'll handle the upstream bits, Debian and Ubuntu trusty updates and discuss the PATH_MAX issue. |
EMBARGOED until 2014-03-10
PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).
Huzaifa Sidhpurwala created a proposed patch. I don't like the changing from PATH_MAX to 4096, but it looks good otherwise.
I'll handle the upstream bits, Debian and Ubuntu trusty updates and discuss the PATH_MAX issue.
Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471 |
|
2014-03-10 09:28:46 |
Martin Pitt |
attachment removed |
improved udisks2 patch https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008467/+files/udisks2.patch |
|
|
2014-03-10 09:28:53 |
Martin Pitt |
attachment removed |
fixed backported patch for udisks 1 https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008468/+files/udisks1.patch |
|
|
2014-03-10 09:29:54 |
Martin Pitt |
information type |
Private Security |
Public Security |
|
2014-03-10 09:45:27 |
Martin Pitt |
udisks2 (Ubuntu Trusty): importance |
Low |
Medium |
|
2014-03-10 09:45:27 |
Martin Pitt |
udisks2 (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2014-03-10 10:26:23 |
Martin Pitt |
udisks (Ubuntu Trusty): importance |
Low |
Medium |
|
2014-03-10 10:26:23 |
Martin Pitt |
udisks (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2014-03-10 10:36:24 |
Martin Pitt |
description |
EMBARGOED until 2014-03-10
PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).
Huzaifa Sidhpurwala created a proposed patch. I don't like the changing from PATH_MAX to 4096, but it looks good otherwise.
I'll handle the upstream bits, Debian and Ubuntu trusty updates and discuss the PATH_MAX issue.
Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471
Debian stable updates debdiffs: http://people.debian.org/~mpitt/tmp/udisks-CVE-2014-0004/ |
|
2014-03-10 11:49:58 |
Launchpad Janitor |
udisks (Ubuntu Saucy): status |
New |
Fix Released |
|
2014-03-10 11:50:10 |
Launchpad Janitor |
udisks2 (Ubuntu Saucy): status |
New |
Fix Released |
|
2014-03-10 11:55:19 |
Launchpad Janitor |
udisks (Ubuntu Quantal): status |
New |
Fix Released |
|
2014-03-10 11:55:25 |
Launchpad Janitor |
udisks2 (Ubuntu Quantal): status |
New |
Fix Released |
|
2014-03-10 11:55:30 |
Launchpad Janitor |
udisks (Ubuntu Precise): status |
New |
Fix Released |
|
2014-03-10 12:04:32 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/udisks2/quantal-security |
|
2014-03-10 12:04:47 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/saucy/udisks2/saucy-security |
|
2014-03-10 12:06:33 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/udisks |
|
2014-03-10 12:06:47 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/udisks/quantal-security |
|
2014-03-10 12:06:59 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/saucy/udisks/saucy-security |
|
2014-03-10 12:24:54 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2014-03-10 16:31:31 |
Launchpad Janitor |
branch linked |
|
lp:debian/udisks |
|
2014-03-10 17:10:38 |
Launchpad Janitor |
udisks (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2014-03-10 17:22:51 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/udisks |
|
2014-03-10 17:51:37 |
Launchpad Janitor |
udisks2 (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-06-10 04:32:07 |
Launchpad Janitor |
branch linked |
|
lp:~fourdollars/ubuntu/trusty/udisks2/1455533 |
|