OpenSuSE has issued an advisory on April 29, 2011: http://lists.opensuse.org/opensuse-updates/2011-04/msg00082.html Patched package uploaded for Mageia 1. Advisory: ======================== Updated udisks packages fix security vulnerability: Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules (CVE-2010-4661). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4661 http://lists.opensuse.org/opensuse-updates/2011-04/msg00082.html ======================== Updated packages in core/updates_testing: ======================== udisks-1.0.2-3.1.mga1 udisks-devel-1.0.2-3.1.mga1 from udisks-1.0.2-3.1.mga1.src.rpm
Looking at https://bugzilla.novell.com/show_bug.cgi?id=653900#c1 If I understand correctly dbus-send --system --print-reply --dest=org.freedesktop.UDisks \ /org/freedesktop/UDisks/devices/sr0 \ org.freedesktop.UDisks.Device.FilesystemMount \ string:'vfat' array:string:'' On a system where the vfat kernel module was not already loaded, should result in the vfat module getting loaded, but this is not happening, so I can't recreate the problem. As I can't recreate the problem, just testing that udisks is working, by confirming that a cd is mounted when inserted, while running lxde. Testing complete on Mageia 1 i586. I'll test Mageia 1 x86-64 shortly.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA1-32-OK
Testing complete on Mageia 1 x86-64. Could someone from the sysadmin team push the srpm udisks-1.0.2-3.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated udisks packages fix security vulnerability: Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules (CVE-2010-4661). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4661 http://lists.opensuse.org/opensuse-updates/2011-04/msg00082.html https://bugs.mageia.org/show_bug.cgi?id=7073
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1-32-OK => MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0234
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
Re-opening as this CVE fix broke ntfs mounting: https://bugs.mageia.org/show_bug.cgi?id=7221
Keywords: validated_update => (none)Priority: Normal => HighStatus: RESOLVED => REOPENEDBlocks: (none) => 7221Resolution: FIXED => (none)Whiteboard: MGA1-32-OK MGA1-64-OK => (none)
Thanks for letting me know. The suggested fix has been applied and it's building now. udisks-1.0.2-3.2.mga1
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0234-2
Status: REOPENED => RESOLVEDResolution: (none) => FIXED