CVE-2018-17336

Priority
Description
UDisks 2.8.0 has a format string vulnerability in udisks_log in
udiskslogging.c, allowing attackers to obtain sensitive information (stack
contents), cause a denial of service (memory corruption), or possibly have
unspecified other impact via a malformed filesystem label, as demonstrated
by %d or %n substrings.
Notes
 mdeslaur> introduced by ad2ce6714e911be58011dd6b838ec0f6fd0f950f in
 mdeslaur> udisks 2.6.4
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.7.6-3ubuntu0.2)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2.7.6-3ubuntu3)
Patches:
Upstream: https://github.com/storaged-project/udisks/commit/e369a9b4b08e9373c814c05328b366c938284eb5

Updated: 2019-01-14 22:31:32 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)