[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1686{4,5,6}/systemd

Salvatore Bonaccorso carnil at debian.org
Wed Jan 9 18:10:34 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6134a1a4 by Salvatore Bonaccorso at 2019-01-09T18:09:28Z
Add CVE-2018-1686{4,5,6}/systemd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21348,12 +21348,22 @@ CVE-2018-16867 (A flaw was found in qemu Media Transfer Protocol (MTP) before ve
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 (master)
-CVE-2018-16866
-	RESERVED
-CVE-2018-16865
-	RESERVED
-CVE-2018-16864
-	RESERVED
+CVE-2018-16866 [information leak, out-of-bounds read]
+	RESERVED
+	- systemd 240-1
+	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ec5ff4445cca6a1d786b8da36cf6fe0acc0b94c8 (v221)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/a6aadf4ae0bae185dc4c414d492a4a781c80ffe5 (v240) [1/2]
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 (v240) [2/2]
+CVE-2018-16865 [memory corruption]
+	RESERVED
+	- systemd <unfixed>
+	NOTE: Intorduced in: https://github.com/systemd/systemd/commit/cf244689e9d1ab50082c9ddd0f3c4d1eb982badc (v38)
+	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/c4aa09b06f835c91cea9e021df4c3605cff2318d (v201)
+CVE-2018-16864 [memory corruption]
+	RESERVED
+	- systemd <unfixed>
+	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ae018d9bc900d6355dea4af05119b49c67945184 (v203)
+	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/ac2e41f5103ce2c679089c4f8fb6be61d7caec07 (v230)
 CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An ...)
 	- ghostscript <not-affected> (Red Hat-specific issue)
 	NOTE: Debian updates backported all fixes to released suites



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6134a1a4a54aabe915c0a3bdff9a331069156e18

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6134a1a4a54aabe915c0a3bdff9a331069156e18
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190109/f9b21b1d/attachment.html>


More information about the debian-security-tracker-commits mailing list