[sf-lug] systemd and memory corruption...
Ken Shaffer
kenshaffer80 at gmail.com
Tue Jan 22 08:39:02 PST 2019
Maybe the week you lost contact, Bobbie. Ubuntu patches were out Jan 11,
and Rick commented.
Just to repeat the vulnerabilities and fixed package from the earlier Jan
11 post:
systemd (237-3ubuntu10.11) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption in journald via attacker controlled
alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
entry for process commandline on the stack
- CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled
alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on
the
number of fields in a message
- CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix
syslog_parse_identifier()
- CVE-2018-16866
Ken
On Tue, Jan 22, 2019 at 8:27 AM Bobbie Sellers <bliss-sf4ever at dslextreme.com>
wrote:
> Hi LUGers,
>
> Well some of knew in our hearts that systemd was
> an evil scheme. ;^) I found this on the Usenet in a
> Linux newsgroup, comp.os.linux.misc. ;^|
>
>
> <https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/>
> <https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/>
>
> I haven't had time to read the full article at the site.
> Rick can probably comment better than I on the article
> and its assertions.
>
> Bobbie Sellers
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20190122/c70c2f5a/attachment.html>
More information about the sf-lug
mailing list