Bug#919002: CVE's for systemd vulnerabilities CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866

shirish शिरीष shirishag75 at gmail.com
Fri Jan 11 16:20:33 GMT 2019


Package: systemd
Version: 240-3
Severity: normal

Dear all,
Saw this on ZDNet today -

https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/

I did the cursory thing of seeing if the CVEs had been
mentioned in the changelog -

/usr/share/doc/systemd$ zless changelog.Debian.gz | grep CVE
    (CVE-2018-15686, Closes: #912005)
    (CVE-2018-15688, LP: #1795921, Closes: #912008)
    (CVE-2018-15687, LP: #1796692, Closes: #912007)
      non-terminal path components. (CVE-2018-6954, Closes: #890779)
    (CVE-2017-15908, Closes: #880026, LP: #1725351)
    CVE-2017-9445 (Closes: #866147, LP: #1695546)
    Fixes: CVE-2017-9217 (Closes: #863277)
    by avoiding a race condition in scraping /proc (CVE-2013-4327).
      Fixes CVE-2012-1174, closes: #664364
    - Fixes local DoS (CVE-2012-1101).  Closes: #662029

I also looked at systemd --version to see if GCC's -fstack-clash-protection
is mentioned in the output of the version command, but couldn't find it.

It is very much possible that you may be working on it; in any case,
I look forward to the fixes.

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.2.52-3+b1
ii  libapparmor1     2.13.2-3
ii  libaudit1        1:2.8.4-2
ii  libblkid1        2.33-0.2
ii  libc6            2.28-2
ii  libcap2          1:2.25-1.2
ii  libcryptsetup12  2:2.0.6-1
ii  libgcrypt20      1.8.4-4
ii  libgnutls30      3.6.5-2
ii  libgpg-error0    1.33-3
ii  libidn11         1.33-2.2
ii  libip4tc0        1.8.2-3
ii  libkmod2         25-2
ii  liblz4-1         1.8.3-1
ii  liblzma5         5.2.2-1.3
ii  libmount1        2.33-0.2
ii  libpam0g         1.1.8-3.8
ii  libseccomp2      2.3.3-3
ii  libselinux1      2.8-1+b1
ii  libsystemd0      240-3
ii  mount            2.33-0.2
ii  util-linux       2.33-0.2

Versions of packages systemd recommends:
ii  dbus            1.12.12-1
ii  libpam-systemd  240-3

Versions of packages systemd suggests:
ii  policykit-1        0.105-23
pn  systemd-container  <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.132
ii  udev             240-2

-- no debconf information


-- 
          Regards,
          Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
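
A targeted version of the changelog check in the report, as an added example that is not part of the original message or of the systemd packaging: it asks for each CVE ID by exact match and lists the ones the changelog does not name. The function names and the three-line sample (copied from the excerpt above) are constructed for illustration.

```shell
#!/bin/sh
# missing_cves CHANGELOG CVE-ID...
# Prints every given CVE ID that CHANGELOG (gzip or plain text) does not mention.
# Returns 0 if all IDs are mentioned, 1 if at least one is missing, 2 if unreadable.
missing_cves() {
    changelog=$1
    shift
    [ -r "$changelog" ] || { echo "cannot read $changelog" >&2; return 2; }
    rc=0
    for id in "$@"; do
        # gzip -cdf decompresses .gz input and passes plain text through unchanged.
        # grep -F: literal string; -w: whole word, so CVE-2018-1568 cannot
        # match inside CVE-2018-15686.
        if ! gzip -cdf -- "$changelog" | grep -wF -- "$id" >/dev/null; then
            printf '%s\n' "$id"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: three entries taken from the changelog excerpt in the report.
sample_changelog() {
    cat <<'EOF'
    (CVE-2018-15686, Closes: #912005)
    (CVE-2018-15688, LP: #1795921, Closes: #912008)
    (CVE-2018-15687, LP: #1796692, Closes: #912007)
EOF
}

# Demo on the sample, compressed like changelog.Debian.gz.
# On a real system: missing_cves /usr/share/doc/systemd/changelog.Debian.gz CVE-...
demo=$(mktemp)
sample_changelog | gzip -c > "$demo"
missing_cves "$demo" CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 || true
rm -f "$demo"
```

An ID listed as missing only means the changelog does not name it; it does not by itself show whether the installed package carries a fix.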


