<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:large">Maybe the week you lost contact, Bobbie. Ubuntu patches were out Jan 11, and Rick commented.</div><div class="gmail_default" style="font-size:large">Just to repeat the vulnerabilities and fixed package from the earlier Jan 11 post:</div><div class="gmail_default" style="font-size:large"><div class="gmail_default" style="font-size:large"><br></div><div class="gmail_default" style="font-size:large">systemd (237-3ubuntu10.11) bionic-security; urgency=medium<br><br> * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca<br> - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec<br> entry for process commandline on the stack<br> - CVE-2018-16864<br> * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca<br> - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the<br> number of fields (1k)<br> - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the<br> number of fields in a message<br> - CVE-2018-16865<br> * SECURITY UPDATE: out-of-bounds read in journald<br> - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()<br> - CVE-2018-16866</div><div class="gmail_default" style="font-size:large"><br></div><div class="gmail_default" style="font-size:large">Ken<br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 22, 2019 at 8:27 AM Bobbie Sellers <<a href="mailto:bliss-sf4ever@dslextreme.com">bliss-sf4ever@dslextreme.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFCCFF">
<font size="+3"><font face="Tahoma">Hi LUGers,<br>
<br>
Well some of knew in our hearts that systemd was<br>
an evil scheme. ;^) I found this on the Usenet in a <br>
Linux newsgroup, comp.os.linux.misc. ;^|<br>
<br>
<a class="gmail-m_-4402236641246074985moz-txt-link-rfc2396E" href="https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/" target="_blank"><https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/></a><br>
<br>
I haven't had time to read the full article at the site.<br>
Rick can probably comment better than I on the article<br>
and its assertions.<br>
<br>
Bobbie Sellers<br>
</font></font>
</div>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a> </blockquote></div>