Bug#950732: systemd: CVE-2020-1712
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 6 15:50:23 GMT 2020
Control: tags -1 + fixed-upstream
Hi,
For completeness the following additional point:
On Wed, Feb 05, 2020 at 02:20:14PM +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for systemd, filing bug to
> track the issue in BTS. Raised severity to RC, although the question
> on DSA/no-dsa can be handled orthogonal to it.
>
> CVE-2020-1712[0]:
> heap use-after-free vulnerability
systemd-machined was one of the target services which could be
exploitable. Red Hat bug gives a hint on which other services are
targets. Vulnerable Dbus methods have:

1) a "find" function for the associated object (e.g. image_object_find)
   that configures a temporary cache and sets up a "defer_event" which
   frees the elements in the cache
2) a call to bus_verify_polkit_async() in the handler of the method
   (e.g. bus_image_method_clone)
3) SD_BUS_VTABLE_UNPRIVILEGED as one of the specified flags
https://bugzilla.redhat.com/show_bug.cgi?id=1794578#c10
The upstream fix was merged in v245-rc1.
Regards,
Salvatore
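
The three criteria listed in the message above, written as a source-audit heuristic; this is an added example, not part of the original mail and not systemd or Red Hat code. The C fragment is constructed around the function names the message quotes (the polkit call is simplified), and treating the substring `defer_event` in the find function as evidence for criterion 1 is an assumption.

```python
import re

# Constructed C fragment, modelled on the function names quoted in the message;
# it is not systemd source code.
SAMPLE = r'''
static int image_object_find(sd_bus *bus, const char *path, void *userdata) {
    /* caches the object, then arms a deferred event that frees the cache */
    r = sd_event_add_defer(e, &m->cache_defer_event, flush_cache, m);
    return 1;
}
static int bus_image_method_clone(sd_bus_message *message, void *userdata) {
    return bus_verify_polkit_async(message);
}
static int method_get_name(sd_bus_message *message, void *userdata) {
    return 0;
}
static int method_admin_only(sd_bus_message *message, void *userdata) {
    return bus_verify_polkit_async(message);
}
static const sd_bus_vtable image_vtable[] = {
    SD_BUS_METHOD("Clone", "sbb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
    SD_BUS_METHOD("GetName", NULL, "s", method_get_name, SD_BUS_VTABLE_UNPRIVILEGED),
    SD_BUS_METHOD("AdminOnly", NULL, NULL, method_admin_only, 0),
};
'''

METHOD_RE = re.compile(r'SD_BUS_METHOD\(\s*"(\w+)"\s*,[^,]*,[^,]*,\s*(\w+)\s*,([^)]*)\)')

def function_body(src, name):
    """Text between the braces of the first definition of `name` (regex heuristic)."""
    m = re.search(r"\b%s\s*\([^;{}]*\)\s*\{" % re.escape(name), src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:          # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src, find_fn):
    """Names of D-Bus methods that meet all three criteria listed in the message."""
    if "defer_event" not in function_body(src, find_fn):          # criterion 1
        return []
    return [name for name, handler, flags in METHOD_RE.findall(src)
            if "SD_BUS_VTABLE_UNPRIVILEGED" in flags                # criterion 3
            and "bus_verify_polkit_async(" in function_body(src, handler)]  # criterion 2

if __name__ == "__main__":
    print(audit(SAMPLE, "image_object_find"))
```

A hit only marks a method for manual review against the upstream fix; the regexes do not parse C and will miss handlers that reach the polkit call through a helper.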