[SECURITY] [DLA 4284-1] udisks2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4284-1] udisks2 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 28 Aug 2025 17:08:45 +0000 (UTC)
Message-id: <[🔎] d9458b1b-c5f7-c687-fd5a-f5396472ce8e@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4284-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 28, 2025                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : udisks2
Version        : 2.9.2-2+deb11u3
CVE ID         : CVE-2025-8067

Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2,which may result in denial of service (daemon process crash), or inmapping an internal file descriptor from the daemon process onto a loopdevice, resulting in local privilege escalation.



For Debian 11 bullseye, this problem has been fixed in version
2.9.2-2+deb11u3.

We recommend that you upgrade your udisks2 packages.

For the detailed security status of udisks2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/udisks2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmiwjR1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfvGhAAw5TNImCtLCn1Y+z1C9RzlqEu8QVb2i2GAeP3vsOuPhO6c1q0GiVbL1VE
wpof8tbX++vBCicMocOCF7+hdE63T1M3PYjJlColVKVfA9cS3H1lrwJ9Ocl8wpQQ
fHuJi0Z09wSzgMz3NlXQAdI4Akg0xFXgrJmYnORu5p4/bV2iGXxSMPgPOD//1lXo
BxrIxKWWgYm8bu2HRcmUvKR+hs9fgnWFgLp+ru7Z2rLhR188BRPa4PNMLtzPnV4v
UGp7gvCiKzutAzKmL04Toy933H/u//QXq5psRq15LKEsxXIj0dcBdWm1KeOcXaC3
gTColqs723l35/kSrnEi6PXvClmKQNi9BwHXtY9hAlwD7x46xG0r4nosjb74vxrb
rchW5iNOHvd5ry//X56LC1dhxNRd++CCtaLqzyXUEOBmNX7MpNaFKySXtLO9wCfv
E16GhR+duJxKgKXFEfSWLEcfWhpveoJq5vOwmlxD5mxYbChfRVX4b+b2eA7346d3
c6uDCaAWMH0Su68MeeZ9Zl152bl5fkJEzKNcVdUZhQ73xLetRlnnhxrs5yG06lXJ
Ya26fXSPuMJNkbazHMd4SoWT9d23jq4rmIbtV5oP6ccjbuhIMAzmw2grPIzgwZN+
S8DFzcGY2jBGyxHb99mB7FvNPy2mHjVLIMZk2EFVOKvKkq1NbSk=
=YuGe
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4283-1] luajit security update
Next by Date: [SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security
Previous by thread: [SECURITY] [DLA 4283-1] luajit security update
Next by thread: [SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security
Index(es):
- Date
- Thread