diff options
Diffstat (limited to 'meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch')
| -rw-r--r-- | meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch new file mode 100644 index 0000000000..0189833b49 --- /dev/null +++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch @@ -0,0 +1,63 @@ +From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001 +From: Emilio Pozuelo Monfort <pochu@debian.org> +Date: Fri, 5 Nov 2021 09:29:13 +0100 +Subject: [PATCH] udisks2 security update + +mount options: Always use errors=remount-ro for ext filesystems + +Stefan Walter found that udisks2, a service to access and manipulate +storage devices, could cause denial of service via system crash if a +corrupted or specially crafted ext2/3/4 device or image was mounted, +which could happen automatically on certain environments. + +For Debian 9 stretch, this problem has been fixed in version +2.1.8-1+deb9u1. + +Default mount options are focused primarily on data safety, mounting +damaged ext2/3/4 filesystem as readonly would indicate something's wrong. + +Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz] +CVE: CVE-2021-3802 + +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +--- + src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c +index a5a3898c..eac8cab3 100644 +--- a/src/udiskslinuxfilesystem.c ++++ b/src/udiskslinuxfilesystem.c +@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", " + static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL }; + static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL }; + ++/* ---------------------- ext2 -------------------- */ ++ ++static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext2_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext3 -------------------- */ ++ ++static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext3_allow[] = { "errors=remount-ro", NULL }; ++ ++/* ---------------------- ext4 -------------------- */ ++ ++static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL }; ++static const gchar *ext4_allow[] = { "errors=remount-ro", NULL }; ++ + /* ------------------------------------------------ */ + /* TODO: support context= */ + +@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] = + { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self }, + { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self }, + { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self }, ++ { "ext2", ext2_defaults, ext2_allow, NULL, NULL }, ++ { "ext3", ext3_defaults, ext3_allow, NULL, NULL }, ++ { "ext4", ext4_defaults, ext4_allow, NULL, NULL }, + }; + + /* ------------------------------------------------ */ |