[SECURITY] [DSA 5989-1] udisks2 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5989-1] udisks2 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 28 Aug 2025 18:51:23 +0000
Message-id: <[🔎] E1urhiV-001wYX-1t@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5989-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 28, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : udisks2
CVE ID         : CVE-2025-8067

Michael Imfeld discovered an out-of-bounds read vulnerability in
udisks2, a D-Bus service to access and manipulate storage devices, which
may result in denial of service (daemon process crash), or in mapping an
internal file descriptor from the daemon process onto a loop device,
resulting in local privilege escalation.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.4-4+deb12u2.

For the stable distribution (trixie), this problem has been fixed in
version 2.10.1-12.1+deb13u1.

We recommend that you upgrade your udisks2 packages.

For the detailed security status of udisks2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/udisks2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmiwpQhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QQVBAAgvsfupJs+u21UNce4L4TQLmAQxWJUzxLdB4u422Y895K7+E3lS2+o6MB
XSGzfQX+tSrnoHlBYItU+574OYenNTTLYG03AL4caLxvVlixf9jOrEVdkAOQSllM
Nh2G72JE9CJsQmhtxDVrQmfrMQGs3pXPZViY1+IZ83ADwpzsj9pFbhcMM7d2DbxP
2hGvFT2fs7Suu0xMWpMVr4Z+6nYvAil5OUrjgLSm95iJoY2IcblXqRlOdtk6x4r5
Tu0srPBQT8wHjracKZgnjYldBLHjWE0B74qo3083Om7gAuDiLlOM16m0mSLIR/J7
gA7AM1fR6ft+O/nUt/bt8fjhtTTWyieRFmzklc/MCir2+AXzDhCNjLR2WojURm56
Zig/WfRU8FNuVbBlrIxRzjjlCo0q7FVXddC5x38B1xx2yn3sQtlJGaDwY7AsSwW2
L+VEGfp0WCyYJi4+VgmoOqg1YNuUrTJExzGgoJhjZMNiC58DMBWCbqz325H9QjrX
kcOqbcc1heSTRJO4QgD0cQjbqFsZvKiI6UkxhC3PJDFa0oP0K7NFbDhztYS/2gUC
fW7nPkCQTZ+1DfkT5kZYM0znY9UF1s3MDS8tvzzbR5NXaJ4IuRiuhRu8TlVZMX4j
AT+UfOurB7eMZD9wpUHNbNLriNcqWDipwvgxic2VViCrvJXMuHI=
=nG5/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5988-1] chromium security update
Next by Date: [SECURITY] [DSA 5990-1] libxml2 security update
Previous by thread: [SECURITY] [DSA 5988-1] chromium security update
Next by thread: [SECURITY] [DSA 5990-1] libxml2 security update
Index(es):
- Date
- Thread