Описание
ELSA-2025-9327: libblockdev security update (IMPORTANT)
[2.28-14.0.1]
- enable btrfs support [Orabug: 30792917]
[2.28-14]
- Don't allow suid and dev set on fs resize (CVE-2025-6019) Resolves: RHEL-96038
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libblockdev
2.28-14.0.1.el9_6
libblockdev-btrfs
2.28-14.0.1.el9_6
libblockdev-crypto
2.28-14.0.1.el9_6
libblockdev-dm
2.28-14.0.1.el9_6
libblockdev-fs
2.28-14.0.1.el9_6
libblockdev-kbd
2.28-14.0.1.el9_6
libblockdev-loop
2.28-14.0.1.el9_6
libblockdev-lvm
2.28-14.0.1.el9_6
libblockdev-lvm-dbus
2.28-14.0.1.el9_6
libblockdev-mdraid
2.28-14.0.1.el9_6
libblockdev-mpath
2.28-14.0.1.el9_6
libblockdev-nvdimm
2.28-14.0.1.el9_6
libblockdev-nvme
2.28-14.0.1.el9_6
libblockdev-part
2.28-14.0.1.el9_6
libblockdev-plugins-all
2.28-14.0.1.el9_6
libblockdev-swap
2.28-14.0.1.el9_6
libblockdev-tools
2.28-14.0.1.el9_6
libblockdev-utils
2.28-14.0.1.el9_6
python3-blockdev
2.28-14.0.1.el9_6
Oracle Linux x86_64
libblockdev
2.28-14.0.1.el9_6
libblockdev-btrfs
2.28-14.0.1.el9_6
libblockdev-crypto
2.28-14.0.1.el9_6
libblockdev-dm
2.28-14.0.1.el9_6
libblockdev-fs
2.28-14.0.1.el9_6
libblockdev-kbd
2.28-14.0.1.el9_6
libblockdev-loop
2.28-14.0.1.el9_6
libblockdev-lvm
2.28-14.0.1.el9_6
libblockdev-lvm-dbus
2.28-14.0.1.el9_6
libblockdev-mdraid
2.28-14.0.1.el9_6
libblockdev-mpath
2.28-14.0.1.el9_6
libblockdev-nvdimm
2.28-14.0.1.el9_6
libblockdev-nvme
2.28-14.0.1.el9_6
libblockdev-part
2.28-14.0.1.el9_6
libblockdev-plugins-all
2.28-14.0.1.el9_6
libblockdev-swap
2.28-14.0.1.el9_6
libblockdev-tools
2.28-14.0.1.el9_6
libblockdev-utils
2.28-14.0.1.el9_6
python3-blockdev
2.28-14.0.1.el9_6
Связанные CVE
Связанные уязвимости
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblock ...
