Package name: udev
Date: 2009-12-03
Advisory ID: MDVSA-2009:103-1
Affected versions: 2008.0 i586, 2008.0 x86_64

Problem description

Security vulnerabilities have been identified and fixed in udev.

udev before 1.4.1 does not verify whether a NETLINK message originates
from kernel space, which allows local users to gain privileges by
sending a NETLINK message from user space (CVE-2009-1185).

Buffer overflow in the util_path_encode function in
udev/lib/libudev-util.c in udev before 1.4.1 allows local users to
cause a denial of service (service outage) via vectors that trigger
a call with crafted arguments (CVE-2009-1186).

The updated packages have been patched to prevent this.
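
The origin check that CVE-2009-1185 describes as missing can be written as follows. This is an added example, not the udev patch or Mandriva's code; the names netlink_msg_from_kernel, check_sample and struct sender_cred are hypothetical, and the receiving socket is assumed to have SO_PASSCRED enabled.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#ifndef SCM_CREDENTIALS   /* glibc exposes it only under _GNU_SOURCE */
#define SCM_CREDENTIALS 0x02
#endif
/* Same layout as glibc's struct ucred, declared locally for the same reason. */
struct sender_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Return 1 only if a message read with recvmsg() from a netlink socket that
 * has SO_PASSCRED enabled can be attributed to the kernel, otherwise 0. */
int netlink_msg_from_kernel(struct msghdr *msg)
{
    const struct sockaddr_nl *snl = msg->msg_name;
    struct cmsghdr *cmsg;
    /* Kernel-originated messages carry netlink port id 0 as their source. */
    if (snl == NULL || msg->msg_namelen < sizeof(*snl) ||
        snl->nl_family != AF_NETLINK || snl->nl_pid != 0)
        return 0;
    /* Sender credentials must be present and must name uid 0. */
    for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
        if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS
            && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct sender_cred))) {
            struct sender_cred cred;
            memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
            return cred.uid == 0;
        }
    }
    return 0;   /* no credentials attached: reject */
}

/* Constructed sample input: a msghdr filled in the way recvmsg() would. */
int check_sample(unsigned int nl_pid, int with_cred, uid_t uid)
{
    struct sockaddr_nl snl = { .nl_family = AF_NETLINK, .nl_pid = nl_pid };
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(struct sender_cred))]; } ctl;
    struct sender_cred cred = { .pid = 0, .uid = uid, .gid = 0 };
    struct msghdr msg = { .msg_name = &snl, .msg_namelen = sizeof(snl) };
    struct cmsghdr *c = (struct cmsghdr *)ctl.buf;
    memset(&ctl, 0, sizeof(ctl));
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    msg.msg_control = with_cred ? ctl.buf : NULL;
    msg.msg_controllen = with_cred ? sizeof(ctl.buf) : 0;
    return netlink_msg_from_kernel(&msg);
}
```

A receiver would call netlink_msg_from_kernel() on every message and drop any for which it returns 0 before parsing the payload.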

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 8268a6d9b8b782f008c6bad08081aa1f  2008.0/i586/libvolume_id0-114-7.1mdv2008.0.i586.rpm
 f25010279ad483a4bd1df3300be1eff5  2008.0/i586/libvolume_id0-devel-114-7.1mdv2008.0.i586.rpm
 527afa06fad5b28de6ba60c12c5cc685  2008.0/i586/udev-114-7.1mdv2008.0.i586.rpm
 b472ccee86044dba507029b63385e306  2008.0/i586/udev-doc-114-7.1mdv2008.0.i586.rpm
 33a3aeb9701b9a90b776b08595055f05  2008.0/i586/udev-tools-114-7.1mdv2008.0.i586.rpm 
 b6057c15bb22b381d07ee45a6bc81974  2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm

2008.0 x86_64

 8e05d00d129d11f2442390ec7dd4174c  2008.0/x86_64/lib64volume_id0-114-7.1mdv2008.0.x86_64.rpm
 2718c04a037f773bca23b010265071ce  2008.0/x86_64/lib64volume_id0-devel-114-7.1mdv2008.0.x86_64.rpm
 6756f2bb0dad6dee8188e5dccc1f92cb  2008.0/x86_64/udev-114-7.1mdv2008.0.x86_64.rpm
 b65a69fde92e29d6affa25d32e881dff  2008.0/x86_64/udev-doc-114-7.1mdv2008.0.x86_64.rpm
 bf39012f0e457b61fd203711625d78dc  2008.0/x86_64/udev-tools-114-7.1mdv2008.0.x86_64.rpm 
 b6057c15bb22b381d07ee45a6bc81974  2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm
