Hide Forgot
Bastian Blank reported: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687 an information leak in the way udisks's disks and storage device management daemon passed sensitive device mapper table information to userspace processes via the udev interface. Local attacker could use this flaw to conduct subsequent unauthorized operations on storage device(s), which should be otherwise protected by encryption / luks passphrase knowledge. Upstream bug report: [2] https://bugs.freedesktop.org/show_bug.cgi?id=27494 Upstream patch: [3] http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4 References: [4] https://bugzilla.novell.com/show_bug.cgi?id=594261 CVE Request: [5] http://www.openwall.com/lists/oss-security/2010/04/06/5
This issue did NOT affect the versions of the DeviceKit-disks packages, as shipped with Fedora release of 11 and 12.
This is CVE-2010-1149.
udisks-1.0.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/udisks-1.0.1-1.fc13
udisks-1.0.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.