From a780e44177324642e9df95e0107ef4ca2c359c1e Mon Sep 17 00:00:00 2001
From: zhangjian
Date: Mon, 23 Jun 2025 02:49:45 +0000
Subject: [PATCH] fix CVE-2025-6019
---
 ...ystemhelpers-mount-with-nosuid-nodev.patch | 46 +++++++++++++++++++
 udisks2.spec | 6 ++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 0006-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch
diff --git a/0006-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch b/0006-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch
new file mode 100644
index 0000000..053b674
--- /dev/null
+++ b/0006-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch
@@ -0,0 +1,46 @@
+From 5e7277debea926370e587408517560afe87d28c9 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek
+Date: Wed, 4 Jun 2025 15:26:46 +0200
+Subject: [PATCH] udiskslinuxfilesystemhelpers: Mount private mounts with
+ 'nodev,nosuid'
+
+The private mount done in take_filesystem_ownership() should always
+default to 'nodev,nosuid' for security and 'errors=remount-ro' for
+selected filesystem types to handle an corrupted filesystem. This is
+consistent with mount options calculation for regular mounts.
+
+---
+ src/udiskslinuxfilesystemhelpers.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c
+index 040db1d..ce4ee8e 100644
+--- a/src/udiskslinuxfilesystemhelpers.c
++++ b/src/udiskslinuxfilesystemhelpers.c
+@@ -86,6 +86,7 @@ gboolean take_filesystem_ownership (const gchar *device,
+ {
+
+ gchar *mountpoint = NULL;
++ const gchar *mount_opts;
+ GError *local_error = NULL;
+ gboolean unmount = FALSE;
+ gboolean success = TRUE;
+@@ -113,8 +114,13 @@ gboolean take_filesystem_ownership (const gchar *device,
+ success = FALSE;
+ goto out;
+ }
+-
+- if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error))
++ mount_opts = "nodev,nosuid";
++ if (g_strcmp0 (fstype, "ext2") == 0 ||
++ g_strcmp0 (fstype, "ext3") == 0 ||
++ g_strcmp0 (fstype, "ext4") == 0 ||
++ g_strcmp0 (fstype, "jfs") == 0)
++ mount_opts = "nodev,nosuid,errors=remount-ro";
++ if (!bd_fs_mount (device, mountpoint, fstype, mount_opts, NULL, &local_error))
+ {
+ g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
+ "Cannot mount %s at %s: %s",
+--
+2.33.0
+
diff --git a/udisks2.spec b/udisks2.spec
index fb5456d..1cbb1f5 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -59,7 +59,7 @@
 Name: udisks2
 Summary: Disk Manager
 Version: 2.9.0
-Release: 7
+Release: 8
 License: GPL-2.0+ and LGPL-2.0+
 Group: System Environment/Libraries
 URL: https://github.com/storaged-project/udisks
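Review bot: In the added 0006 patch, the new `mount_opts` selection before `bd_fs_mount()` (second hunk of `src/udiskslinuxfilesystemhelpers.c`) has no comment explaining why this private mount must be `nodev,nosuid`, and it repeats the ext2/ext3/ext4/jfs list that the commit message describes as matching the regular mount-option calculation, so the two can drift apart. I would put `/* Private mount of a possibly untrusted filesystem: never honour setuid bits or device nodes on it. */` above the assignment and brace the multi-line `if`, whose body is a single unbraced statement after a four-line condition. take_filesystem_ownership() begins and ends outside the hunk, so whether every exit path after a successful mount unmounts again is not visible here. This patch hardens only the mount udisks performs itself; any temporary mounts done inside libblockdev are out of its reach, so confirm that the distribution's libblockdev build is fixed for the same CVE.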
@@ -70,6 +70,7 @@ Patch2: 0002-CVE-2021-3802.patch Patch3: 0003-udiskslinuxmountoptions-Do-not-free-static-daemon-resources.patch Patch4: 0004-udisksctl-Guard-object-lookup.patch Patch5: 0005-udiskslinuxmanager-use-dbus-interface-after-free.patch +Patch6: 0006-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -441,6 +442,9 @@ udevadm trigger %endif %changelog +* Mon Jun 23 2025 zhangjian - 2.9.0-8 +- fix CVE-2025-6019 + * Tue Jun 18 2024 cenhuilin - 2.9.0-7 - udiskslinuxmanager:use dbus interface after free -- Gitee
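Review bot: `Patch6:` is declared in the `-70,6 +70,7` hunk, but the `%prep` section is not part of this diff, so it is not visible whether the patch is actually applied at build time. If `%prep` uses `%autosetup` or `%autopatch` the new entry is picked up automatically; if it lists explicit `%patchN` lines, a matching `%patch6 -p1` is needed, otherwise release 8 ships without the fix. The changelog entry in the last hunk would also be easier to audit if it named the change, e.g. `- fix CVE-2025-6019: mount private mounts with nodev,nosuid`.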