pool/udisks2
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:slfo-main
Branches Tags
pool:slfo-1.2 pool:slfo-main pool:factory

2 Commits
slfo-1.2 ... slfo-main

Author SHA256 Message Date
Thomas Blume
b43b2cbf8a (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502) 2025-12-22 17:51:39 +01:00
Thomas Blume
a0a139a3b7 Fix dbus daemon requires 2025-11-18 09:34:10 +01:00
3 changed files with 39 additions and 1 deletions
Expand all files Collapse all files

25
0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch Normal file
View File

@@ -0,0 +1,25 @@
From 62edfa5bebb64611df7b945c94dda8826ed9e7af Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Fri, 22 Aug 2025 15:34:25 +0200
Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
---
src/udiskslinuxmanager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
index d15eba6..e2df3ba 100644
--- a/src/udiskslinuxmanager.c
+++ b/src/udiskslinuxmanager.c
@@ -339,7 +339,7 @@ handle_loop_setup (UDisksManager *object,
goto out;
fd_num = g_variant_get_handle (fd_index);
- if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
+ if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
{
g_dbus_method_invocation_return_error (invocation,
UDISKS_ERROR,
--
2.50.0

12
udisks2.changes
View File

@@ -1,3 +1,15 @@
-------------------------------------------------------------------
Mon Dec 22 16:48:02 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
- (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds
read in udisks daemon (bsc#1248502)
+ add 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
-------------------------------------------------------------------
Tue Nov 18 08:22:44 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
- Fix dbus daemon requires, it's dbus-service, not dbus-1
-------------------------------------------------------------------
Fri Feb 14 13:24:13 UTC 2025 - Thomas Blume <thomas.blume@suse.com>

3
udisks2.spec
View File

@@ -34,6 +34,7 @@ Source0: %{url}/releases/download/udisks-%{version}/udisks-%{version}.tar
# an exception will be silently removed with the next version update.
Patch0: harden_udisks2.service.patch
Patch1: 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
BuildRequires: chrpath
BuildRequires: docbook-xsl-stylesheets
@@ -68,7 +69,7 @@ Requires: libudisks2-%{soversion} = %{version}
# For LUKS devices
Requires: cryptsetup
# Needed to pull in the system bus daemon
Requires: dbus-1 >= 1.4.0
Requires: dbus-service
# For mkfs.vfat
Requires: dosfstools
# For mkfs.ext3, mkfs.ext3, e2label