SB2019080666 - Red Hat Enterprise Linux 7 update for udisks2
Published: August 6, 2019 Updated: April 24, 2025
Security Bulletin ID
SB2019080666
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Format string error (CVE-ID: CVE-2018-17336)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a format string error in udisks_log in udiskslogging.c. A local user can supply a specially crafted input that contains format string specifiers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label.
Remediation
Install update from vendor's website.