Bug#955330: iproute2: corrupted output of "altname"

Marc Zyngier maz at kernel.org
Mon Apr 20 15:49:21 BST 2020

On 2020-04-20 12:39, Luca Boccassi wrote:
> On Mon, 2020-04-20 at 09:29 +0100, Marc Zyngier wrote:
>> Hi all,
>> I just managed to track this down to systemd-udev.


> You are indeed right, thanks for the analysis.
> Upstream bug: https://github.com/systemd/systemd/issues/15232
> Upstream fix: https://github.com/systemd/systemd/pull/15300
> Introduced by:
> https://github.com/systemd/systemd/commit/ef1d2c07f9567dfea8a4e012d8779a4ded2d9ae6

Ah, nice one. You'd hope the compiler would scream at that.

> I'll leave it to the systemd maintainers to decide whether to backport
> a fix or wait for a new release.

Given that this leaks data from a process running as root, and makes
it visible to unprivileged users, I would say that patching it seems
to be the sensible course of action.

But this depends on how bullseye is supported security-wise. Maybe it
doesn't matter as long as nobody puts it in production... ;-)


Jazz is not dead. It just smells funny...

More information about the Pkg-systemd-maintainers mailing list