[Pkg-systemd-maintainers] Bug#725357: systemd: Multiple security issues

Michael Biebl biebl at debian.org
Tue Oct 15 19:32:35 BST 2013


severity 725357 normal
retitle 725357 CVE-2013-4392: TOCTOU race condition when updating file permissions and SELinux security contexts
thanks

On Fri, Oct 04, 2013 at 03:41:54PM +0200, Moritz Muehlenhoff wrote:
> Package: systemd
> Severity: grave
> Tags: security
> 
> Four security issues have been discovered in systemd by Florian Weimer:
> 
> CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
> https://bugzilla.redhat.com/show_bug.cgi?id=862324
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
 
Fixed in 204-5 and 44-11+deb7u4

> CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
> https://bugzilla.redhat.com/show_bug.cgi?id=859104
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd

Fixed in 204-5 and 44-11+deb7u4
 
> CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
> https://bugzilla.redhat.com/show_bug.cgi?id=859060
> No upstream fix is available, but we don't support /etc/tmpfiles.d anyway

We do use the tmpfiles mechanism in systemd, but the combination of both
selinux and systemd is very unlikely.

> CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
> https://bugzilla.redhat.com/show_bug.cgi?id=859051
> http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

Fixed in 204-5 and 44-11+deb7u4

Seeing that all issues aside from CVE-2013-4392 are already fixed in sid and
the likelihood to hit CVE-2013-4392 is very minimal, I'm downgrading the
severity to normal and retitling the bug accordingly.

Michael
