<div dir="ltr">
<div>I'm glad I'm on this list, if for no other reason than to find out
what an apparent piece of crap systemd is. And to think, <br></div><div>some were
touting this a year or so agoas a "great, new thing."Vulns and other major issues? Ummm no, I'll pass. :p</div><div><br></div><div>-th<br></div>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 22, 2019 at 8:51 AM Ken Shaffer <<a href="mailto:kenshaffer80@gmail.com">kenshaffer80@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:large">Maybe the week you lost contact, Bobbie. Ubuntu patches were out Jan 11, and Rick commented.</div><div class="gmail_default" style="font-size:large">Just to repeat the vulnerabilities and fixed package from the earlier Jan 11 post:</div><div class="gmail_default" style="font-size:large"><div class="gmail_default" style="font-size:large"><br></div><div class="gmail_default" style="font-size:large">systemd (237-3ubuntu10.11) bionic-security; urgency=medium<br><br> * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca<br> - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec<br> entry for process commandline on the stack<br> - CVE-2018-16864<br> * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca<br> - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the<br> number of fields (1k)<br> - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the<br> number of fields in a message<br> - CVE-2018-16865<br> * SECURITY UPDATE: out-of-bounds read in journald<br> - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()<br> - CVE-2018-16866</div><div class="gmail_default" style="font-size:large"><br></div><div class="gmail_default" style="font-size:large">Ken<br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail-m_-22525239909159128gmail_attr">On Tue, Jan 22, 2019 at 8:27 AM Bobbie Sellers <<a href="mailto:bliss-sf4ever@dslextreme.com" target="_blank">bliss-sf4ever@dslextreme.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFCCFF">
<font size="+3"><font face="Tahoma">Hi LUGers,<br>
<br>
Well some of knew in our hearts that systemd was<br>
an evil scheme. ;^) I found this on the Usenet in a <br>
Linux newsgroup, comp.os.linux.misc. ;^|<br>
<br>
<a class="gmail-m_-22525239909159128gmail-m_-4402236641246074985moz-txt-link-rfc2396E" href="https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/" target="_blank"><https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/></a><br>
<br>
I haven't had time to read the full article at the site.<br>
Rick can probably comment better than I on the article<br>
and its assertions.<br>
<br>
Bobbie Sellers<br>
</font></font>
</div>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a> </blockquote></div>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a> </blockquote></div>