USN-2142-1: UDisks vulnerability
10 March 2014
UDisks could be made to crash or run programs as an administrator.
- udisks - service to access and manipulate storage devices
- udisks2 - service to access and manipulate storage devices
Florian Weimer discovered that UDisks incorrectly handled certain long path
names. A local attacker could use this issue to cause udisks to crash,
resulting in a denial of service, or possibly execute arbitrary code.
The default compiler options for affected releases should reduce the
vulnerability to a denial of service.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to reboot your computer to make all
the necessary changes.