Bug#839607: Robustify manager_dispatch_notify_fd()

[Michael Biebl]

Am 03.10.2016 um 12:11 schrieb Michael Biebl:
> Am 03.10.2016 um 08:22 schrieb Wolfgang Karall:
>> Hello Michael,
>>
>> On 16-10-02 22:36:00, Michael Biebl wrote:
>>> The news about systemd crashing when getting a zero sized message
>>> on the notification socket made the rounds recently.  While v215 is
>>> not directly affected by this crash (the code to access messages of
>>> length=0 was added in v219)
>> [..]
>>> I would propose to fix this in stable via regular stable update but
>>> would appreciate if the debian-security team would comment on this.
>>> If they would prefer a security upload I'm happy to do that as well.
>>
>> https://security-tracker.debian.org/tracker/CVE-2016-7796 says all but
>> the version in sid are vulnerable to CVE-2016-7796 and reading
> 
> No, sid is not vulnerable. It has been fixed in 231-9
> 
>> https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
>>
>> this sounds still rather serious, so a security upload would be
>> appreciated.
>>

Fwiw, we discussed this issue briefly within the pkg-systemd team. While
a local DoS, which we consider the issue in stable to be, is not great,
it's not like local users can't DoS the system via other means just as
easily, like say fork bombs.

Why would you consider this particular issue to be "rather serious"?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20161003/e35f4444/attachment-0002.sig>