|
|
Subscribe / Log in / New account

Ubuntu alert USN-7578-1 (udisks2)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7578-1] UDisks vulnerability


Date:
              Wed, 18 Jun 2025 12:14:35 -0400


Message-ID:
              <86cd19e9-6fa9-418f-8997-02b894ade854@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7578-1
June 18, 2025

udisks2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

UDisks could be made to run programs as an administrator.

Software Description:
- udisks2: service to access and manipulate storage devices

Details:

It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   libudisks2-0                    2.10.1-11ubuntu2.2
   udisks2                         2.10.1-11ubuntu2.2

Ubuntu 24.10
   libudisks2-0                    2.10.1-9ubuntu3.2
   udisks2                         2.10.1-9ubuntu3.2

Ubuntu 24.04 LTS
   libudisks2-0                    2.10.1-6ubuntu1.2
   udisks2                         2.10.1-6ubuntu1.2

Ubuntu 22.04 LTS
   libudisks2-0                    2.9.4-1ubuntu2.2
   udisks2                         2.9.4-1ubuntu2.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7578-1
   CVE-2025-6019

Package Information:
   https://launchpad.net/ubuntu/+source/udisks2/2.10.1-11ubu...
   https://launchpad.net/ubuntu/+source/udisks2/2.10.1-9ubun...
   https://launchpad.net/ubuntu/+source/udisks2/2.10.1-6ubun...
   https://launchpad.net/ubuntu/+source/udisks2/2.9.4-1ubunt...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmhS5esFAwAAAAAACgkQZWnYVadEvpOn
pRAAnuxzepCjo0cGBm1FaGPiwvpGxecHtl2Om0lnUfpbjM139actx7q9yOVQUFkBKDG97iJAOC//
zU6LxPGIkX2TPx3Etxk1fBO16b7n0pSOjzGPc6poFR3Tw3VkuMpT4VLlNIwtFTxNji0GwD3AXVT5
uo6BNkZJBr2+4ObfVU6ggPq8UyZrVk3+Kb2zv8ER7e+dM7VNRjB0E9FSgoijWvu17REJARq7RuMp
VHsd/eiPS0bHWEpvuEl4rhpCuannSVIKCdxsDmwlAB9V3Hs8Z0+G4AzhOiSp0oL8y3xLpq3SSAOX
M8KdtrNk0LkrRvbB+WoeA5X059wCut5Z8JV6OVGbeVF6BgI696JJBhDKt46/2wi9vTBZ7C6scZb6
F1VCZDSLz00utu5Zjzix9r5ARlCwT00erekZt4u1a+f6E+fRF2K9Q3zFLfUxFsVdpvZyZ4wf2UBk
4d6RyZ7XXEUqwPvOQAs2oiluST/kS5Rp2Ar5zIwQLeqruC/jL1xR4wlsvHIZ8282dZF+FPDdIrJR
RRBW7J79+RcE3PosVjgDWvtocCn0gEsa8PJxS57Z1zjAXUgDEo+SlyvwJ8dUgGJ9xB+UzT+frPsa
czXdd1pBg6uMS/zUpuCSLmf+9HdoNEbygHKbJ+PPYzQoz6uGIQh51G4NWFIKnspndRGhk1fZE3+6
ZLg=
=EZId
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds