udisks2-2.9.4-11.el9_6.1

エラータID: AXSA:2025-10829:01

リリース日: 
2025/09/04 Thursday - 12:04
題名: 
udisks2-2.9.4-11.el9_6.1
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.

Security Fix(es):

* udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

解決策: 

Update packages.

CVE: 
CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. udisks2-2.9.4-11.el9_6.1.src.rpm
    MD5: 93383987075d6cdd0d0b5f82e15bce48
    SHA-256: 0da79d3405e3dd3e3d1055da003ce57bccffdcc784b9f68558a2dff8d7a8e695
    Size: 1.66 MB

Asianux Server 9 for x86_64
  1. libudisks2-2.9.4-11.el9_6.1.i686.rpm
    MD5: b516dd7fa2c897e5e9cb8d6ce4e0a0ea
    SHA-256: 247844448ddb29e4d2b631855a3575467e7d7d89ebe280fb0702e26fc85a19b8
    Size: 194.37 kB
  2. libudisks2-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: 02cbc70bca3d3182316e259d44edd49f
    SHA-256: fbc4502b4584f59c1e5b0b929495a1d5d1e3db9c6a8fe4b22af5dc77472d8ee0
    Size: 190.35 kB
  3. libudisks2-devel-2.9.4-11.el9_6.1.i686.rpm
    MD5: 72dfb630307866a007eb28a118d2913e
    SHA-256: 9b72204368b8a02ff9f1476061b589f5f3355bad81c4b2168b97d0115f9a314b
    Size: 414.90 kB
  4. libudisks2-devel-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: 1ba3149a5076cea86797c0aea5088cec
    SHA-256: 1477c0e1b7238c228a0c7f431352ac712c1a3a0138e6b418840dd7fdc4cfeca9
    Size: 414.88 kB
  5. udisks2-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: 2ab146aadcce02bf81c6d5011efe300e
    SHA-256: ce8c7333fe9ae5e8da2241877be438eef181379dd005708ef09c7d359427548d
    Size: 491.74 kB
  6. udisks2-iscsi-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: 9c548ccb54e32649cf0fa0dc107ca8bc
    SHA-256: 1c0a232d5a19d3abfbbdd5aae32db706dbe1bd29e64be8e8f23be70fc7460529
    Size: 25.53 kB
  7. udisks2-lsm-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: d01e6fdfed5f50ae77a24a98e3602837
    SHA-256: 05f7381160975ccefe745c788a3663081a14324f48ecc4f344948bd7b708ffb9
    Size: 26.93 kB
  8. udisks2-lvm2-2.9.4-11.el9_6.1.x86_64.rpm
    MD5: 025880ad32499f4e2c30bf5afea5b956
    SHA-256: 4ef80374ac301029ed487c61c34844c4efdd1c0242ecd515af3f0f8805937fee
    Size: 40.81 kB