Bug#1003467: systemd: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 10 18:17:57 GMT 2022
Source: systemd
Version: 250.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/pull/22070
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 249.7-1
Control: found -1 247.3-6
Hi,
The following vulnerability was published for systemd.
CVE-2021-3997[0]:
| Uncontrolled recursion in systemd's systemd-tmpfiles
Note while the issue while present before is exploitable only after
upstream commit e535840, and as such can be ignored for buster and
older. For bullseye it would be ideal to get a fix (via a point
release?).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
[1] https://github.com/systemd/systemd/pull/22070
[2] https://www.openwall.com/lists/oss-security/2022/01/10/2
Regards,
Salvatore
More information about the Pkg-systemd-maintainers
mailing list