Описание
ELSA-2025-9878: libblockdev security update (IMPORTANT)
[2.28-7.0.1]
- enable btrfs support [Orabug: 30792917]
[2.28-7]
- Don't allow suid and dev set on fs resize (CVE-2025-6019) Resolves: RHEL-96034
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
libblockdev-crypto-devel
2.28-7.0.1.el8_10
libblockdev-devel
2.28-7.0.1.el8_10
libblockdev-fs-devel
2.28-7.0.1.el8_10
libblockdev-loop-devel
2.28-7.0.1.el8_10
libblockdev-lvm-devel
2.28-7.0.1.el8_10
libblockdev-mdraid-devel
2.28-7.0.1.el8_10
libblockdev-part-devel
2.28-7.0.1.el8_10
libblockdev-swap-devel
2.28-7.0.1.el8_10
libblockdev-utils-devel
2.28-7.0.1.el8_10
libblockdev-vdo-devel
2.28-7.0.1.el8_10
libblockdev
2.28-7.0.1.el8_10
libblockdev-btrfs
2.28-7.0.1.el8_10
libblockdev-crypto
2.28-7.0.1.el8_10
libblockdev-dm
2.28-7.0.1.el8_10
libblockdev-fs
2.28-7.0.1.el8_10
libblockdev-kbd
2.28-7.0.1.el8_10
libblockdev-loop
2.28-7.0.1.el8_10
libblockdev-lvm
2.28-7.0.1.el8_10
libblockdev-lvm-dbus
2.28-7.0.1.el8_10
libblockdev-mdraid
2.28-7.0.1.el8_10
libblockdev-mpath
2.28-7.0.1.el8_10
libblockdev-nvdimm
2.28-7.0.1.el8_10
libblockdev-part
2.28-7.0.1.el8_10
libblockdev-plugins-all
2.28-7.0.1.el8_10
libblockdev-swap
2.28-7.0.1.el8_10
libblockdev-utils
2.28-7.0.1.el8_10
libblockdev-vdo
2.28-7.0.1.el8_10
python3-blockdev
2.28-7.0.1.el8_10
Oracle Linux x86_64
libblockdev-crypto-devel
2.28-7.0.1.el8_10
libblockdev-devel
2.28-7.0.1.el8_10
libblockdev-fs-devel
2.28-7.0.1.el8_10
libblockdev-loop-devel
2.28-7.0.1.el8_10
libblockdev-lvm-devel
2.28-7.0.1.el8_10
libblockdev-mdraid-devel
2.28-7.0.1.el8_10
libblockdev-part-devel
2.28-7.0.1.el8_10
libblockdev-swap-devel
2.28-7.0.1.el8_10
libblockdev-utils-devel
2.28-7.0.1.el8_10
libblockdev-vdo-devel
2.28-7.0.1.el8_10
libblockdev
2.28-7.0.1.el8_10
libblockdev-btrfs
2.28-7.0.1.el8_10
libblockdev-crypto
2.28-7.0.1.el8_10
libblockdev-dm
2.28-7.0.1.el8_10
libblockdev-fs
2.28-7.0.1.el8_10
libblockdev-kbd
2.28-7.0.1.el8_10
libblockdev-loop
2.28-7.0.1.el8_10
libblockdev-lvm
2.28-7.0.1.el8_10
libblockdev-lvm-dbus
2.28-7.0.1.el8_10
libblockdev-mdraid
2.28-7.0.1.el8_10
libblockdev-mpath
2.28-7.0.1.el8_10
libblockdev-nvdimm
2.28-7.0.1.el8_10
libblockdev-part
2.28-7.0.1.el8_10
libblockdev-plugins-all
2.28-7.0.1.el8_10
libblockdev-swap
2.28-7.0.1.el8_10
libblockdev-utils
2.28-7.0.1.el8_10
libblockdev-vdo
2.28-7.0.1.el8_10
python3-blockdev
2.28-7.0.1.el8_10
Связанные CVE
Связанные уязвимости
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
A Local Privilege Escalation (LPE) vulnerability was found in libblock ...
