Bug#923389: [systemd] CVE-2018-15686 not fixed in stretch stable

Jean-Pierre Stierlin jps at exalinks.com
Wed Feb 27 12:48:54 GMT 2019 

Package: systemd
Version: 232-25+deb9u9
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---

Hi,

According to https://security-tracker.debian.org/tracker/CVE-2018-15686, 
the systemd package is still vulnerable.

Are there any plans to backport this fix to the stable version, as it 
was done for jessie ?

Best regards,

Jean-Pierre.

--- System information. ---
Architecture:
Kernel: Linux 4.9.0-8-amd64

Debian Release: 9.8
500 stable-updates ftp.fr.debian.org
500 stable security.debian.org
500 stable ftp.fr.debian.org

--- Package information. ---
Depends (Version) | Installed
==============================================-+-============================ 

libacl1 (>= 2.2.51-8) | 2.2.52-3+b1
libapparmor1 (>= 2.9.0-3+exp2) | 2.11.0-3+deb9u2
libaudit1 (>= 1:2.2.1) | 1:2.6.7-2
libblkid1 (>= 2.19.1) | 2.29.2-1+deb9u1
libc6 (>= 2.17) | 2.24-11+deb9u4
libcap2 (>= 1:2.10) | 1:2.25-1
libcryptsetup4 (>= 2:1.4.3) | 2:1.7.3-4
libgcrypt20 (>= 1.7.0) | 1.7.6-2+deb9u3
libgpg-error0 (>= 1.14) | 1.26-2
libidn11 (>= 1.13) | 1.33-1
libip4tc0 (>= 1.6.0+snapshot20161117) | 1.6.0+snapshot20161117-6
libkmod2 (>= 5~) | 23-2
liblz4-1 (>= 0.0~r127) | 0.0~r131-2+b1
liblzma5 (>= 5.1.1alpha+20120614) | 5.2.2-1.2+b1
libmount1 (>= 2.26.2) | 2.29.2-1+deb9u1
libpam0g (>= 0.99.7.1) | 1.1.8-3.6
libseccomp2 (>= 2.3.1) | 2.3.1-2.1+deb9u1
libselinux1 (>= 2.1.9) | 2.6-3+b3
libsystemd0 (= 232-25+deb9u9) | 232-25+deb9u9
util-linux (>= 2.27.1) | 2.29.2-1+deb9u1
mount (>= 2.26) | 2.29.2-1+deb9u1
adduser | 3.115
procps | 2:3.3.12-3+deb9u1


Package Status (Version) | Installed
==============================-+-===========
udev | 232-25+deb9u9
dracut |
initramfs-tools | 0.130


Recommends (Version) | Installed
=============================-+-===========
libpam-systemd | 232-25+deb9u9
dbus | 1.10.26-0+deb9u1


Suggests (Version) | Installed
================================-+-===========
systemd-ui |
systemd-container |
policykit-1 | 0.105-18+deb9u1



--- Output from package bug script ---

More information about the Pkg-systemd-maintainers mailing list