Security Updates: udisks, udisks2
Two security updates were released today and they all came from the same project: udisks and udisks2. Both have the same CVE entries, meaning both are vulnerable to the same bugs. Both are applied to Slackware 14.0 and newer.
Here is the description found on the ChangeLog:
Here is the description found on the ChangeLog:
This update fixes a stack-based buffer overflow when handling long path names. A malicious, local user could use this flaw to create a
specially-crafted directory structure that could lead to arbitrary code
execution with the privileges of the udisks daemon (root).