From b9ed7d2a9dee57f1e6537d8069b18e0f6cd622c9 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 3 Sep 2025 08:48:57 +0000 Subject: [PATCH] import OL udisks2-2.9.0-16.el8_10.1 --- ...-2.10.91-manager_loopsetup_fd_bounds.patch | 29 +++++++++++++++++++ SPECS/udisks2.spec | 8 ++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 SOURCES/udisks-2.10.91-manager_loopsetup_fd_bounds.patch diff --git a/SOURCES/udisks-2.10.91-manager_loopsetup_fd_bounds.patch b/SOURCES/udisks-2.10.91-manager_loopsetup_fd_bounds.patch new file mode 100644 index 0000000..f659e05 --- /dev/null +++ b/SOURCES/udisks-2.10.91-manager_loopsetup_fd_bounds.patch @@ -0,0 +1,29 @@ +From 55e36ef2af4fbfc92aab5cef50a69123e321f9f1 Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Tue, 15 Jul 2025 13:34:08 -0400 +Subject: [PATCH 1/1] udiskslinuxmanager: Add lower bounds check to fd_index + +Make sure fd_index isn't negative as this can lead to an OOB read +resulting in a crash, or to exposing internal file descriptors. + +Reported by Michael Imfeld (born0monday). +--- + src/udiskslinuxmanager.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c +index 4e633284..887771ee 100644 +--- a/src/udiskslinuxmanager.c ++++ b/src/udiskslinuxmanager.c +@@ -381,7 +381,7 @@ handle_loop_setup (UDisksManager *object, + goto out; + + fd_num = g_variant_get_handle (fd_index); +- if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list)) ++ if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list)) + { + g_dbus_method_invocation_return_error (invocation, + UDISKS_ERROR, +-- +2.43.0 + diff --git a/SPECS/udisks2.spec b/SPECS/udisks2.spec index 5236217..37cf5ab 100644 --- a/SPECS/udisks2.spec +++ b/SPECS/udisks2.spec @@ -56,7 +56,7 @@ Name: udisks2 Summary: Disk Manager Version: 2.9.0 -Release: 16%{?dist} +Release: 16%{?dist}.1 License: GPLv2+ Group: System Environment/Libraries URL: https://github.com/storaged-project/udisks @@ -105,6 +105,8 @@ Patch35: udisks-2.10.0-lvm2_update_epoch.patch Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2213193 Patch37: udisks-2.10.0-iscsi-ibft-chap-auth.patch +# https://issues.redhat.com/browse/RHEL-109408 +Patch38: udisks-2.10.91-manager_loopsetup_fd_bounds.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -340,6 +342,7 @@ This package contains module for VDO management. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/" %build @@ -532,6 +535,9 @@ fi %endif %changelog +* Mon Aug 25 2025 Tomas Bzatek - 2.9.0-16.1 +- udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) (RHEL-109408) + * Thu Aug 03 2023 Tomas Bzatek - 2.9.0-16 - iscsi: Fix login on firmware-discovered nodes (#2213193) - tests: Extend iscsi method call timeouts (#2213715)