Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2026-3476

Опубликовано: 02 мар. 2026
Источник: oracle-oval
Платформа: Oracle Linux 10

Описание

ELSA-2026-3476: udisks2 security update (IMPORTANT)

[2.10.90-6.0.1.el10_1.1]

  • Enable btrfs support for OL supported arches [Orabug: 37464632]

[2.10.90-6.1]

  • Add missing polkit check for RestoreEncryptedHeader() (CVE-2026-26103) (RHEL-148565)
  • Add missing polkit check for HeaderBackup() (CVE-2026-26104) (RHEL-148588)

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

libudisks2

2.10.90-6.0.1.el10_1.1

libudisks2-devel

2.10.90-6.0.1.el10_1.1

udisks2

2.10.90-6.0.1.el10_1.1

udisks2-iscsi

2.10.90-6.0.1.el10_1.1

udisks2-lsm

2.10.90-6.0.1.el10_1.1

udisks2-lvm2

2.10.90-6.0.1.el10_1.1

Oracle Linux x86_64

libudisks2

2.10.90-6.0.1.el10_1.1

libudisks2-devel

2.10.90-6.0.1.el10_1.1

udisks2

2.10.90-6.0.1.el10_1.1

udisks2-iscsi

2.10.90-6.0.1.el10_1.1

udisks2-lsm

2.10.90-6.0.1.el10_1.1

udisks2-lvm2

2.10.90-6.0.1.el10_1.1

Связанные CVE

CVE-2026-26103
CVE-2026-26104

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2026:3476

rocky
23 дня назад

Important: udisks2 security update

ubuntu логотип

CVE-2026-26104

CVSS3: 5.5
ubuntu
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

redhat логотип

CVE-2026-26104

CVSS3: 5.5
redhat
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

nvd логотип

CVE-2026-26104

CVSS3: 5.5
nvd
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

debian логотип

CVE-2026-26104

CVSS3: 5.5
debian
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows u ...