Security update for udisks2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:3154-1 Final 1 1 2022-09-07T12:31:49Z current 2022-09-07T12:31:49Z 2022-09-07T12:31:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for udisks2 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606). - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-3154,SUSE-SLE-Module-Basesystem-15-SP3-2022-3154,openSUSE-SLE-15.3-2022-3154 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20223154-1/ Link for SUSE-SU-2022:3154-1 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012165.html E-Mail link for SUSE-SU-2022:3154-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1098797 SUSE Bug 1098797 https://bugzilla.suse.com/1190606 SUSE Bug 1190606 https://www.suse.com/security/cve/CVE-2021-3802/ SUSE CVE CVE-2021-3802 page SUSE Linux Enterprise Module for Basesystem 15 SP3 openSUSE Leap 15.3 libudisks2-0-2.8.1-150200.3.3.1 libudisks2-0-devel-2.8.1-150200.3.3.1 libudisks2-0_bcache-2.8.1-150200.3.3.1 libudisks2-0_btrfs-2.8.1-150200.3.3.1 libudisks2-0_lsm-2.8.1-150200.3.3.1 libudisks2-0_lvm2-2.8.1-150200.3.3.1 libudisks2-0_zram-2.8.1-150200.3.3.1 typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1 udisks2-2.8.1-150200.3.3.1 udisks2-lang-2.8.1-150200.3.3.1 libudisks2-0-2.8.1-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libudisks2-0-devel-2.8.1-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 udisks2-2.8.1-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 udisks2-lang-2.8.1-150200.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP3 libudisks2-0-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0-devel-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0_bcache-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0_btrfs-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0_lsm-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0_lvm2-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 libudisks2-0_zram-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 udisks2-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 udisks2-lang-2.8.1-150200.3.3.1 as a component of openSUSE Leap 15.3 A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. CVE-2021-3802 SUSE Linux Enterprise Module for Basesystem 15 SP3:libudisks2-0-2.8.1-150200.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:libudisks2-0-devel-2.8.1-150200.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:udisks2-2.8.1-150200.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP3:udisks2-lang-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0-devel-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0_bcache-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0_btrfs-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0_lsm-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0_lvm2-2.8.1-150200.3.3.1 openSUSE Leap 15.3:libudisks2-0_zram-2.8.1-150200.3.3.1 openSUSE Leap 15.3:typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1 openSUSE Leap 15.3:udisks2-2.8.1-150200.3.3.1 openSUSE Leap 15.3:udisks2-lang-2.8.1-150200.3.3.1 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20223154-1/ https://www.suse.com/security/cve/CVE-2021-3802.html CVE-2021-3802 https://bugzilla.suse.com/1190606 SUSE Bug 1190606