Bug#1003467: systemd: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles

Salvatore Bonaccorso carnil at debian.org
Mon Jan 10 18:17:57 GMT 2022


Source: systemd
Version: 250.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/pull/22070
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 249.7-1
Control: found -1 247.3-6

Hi,

The following vulnerability was published for systemd.

CVE-2021-3997[0]:
| Uncontrolled recursion in systemd's systemd-tmpfiles

Note that the issue, while present before, is exploitable only after
upstream commit e535840, and as such can be ignored for buster and
older. For bullseye it would be ideal to get a fix (via a point
release?).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3997
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
[1] https://github.com/systemd/systemd/pull/22070
[2] https://www.openwall.com/lists/oss-security/2022/01/10/2

Regards,
Salvatore


