Bug#839607: Robustify manager_dispatch_notify_fd()
Michael Biebl
biebl at debian.org
Wed Nov 27 22:11:23 GMT 2024
Package: systemd
Version: 215-17+deb8u5
Severity: important
User: pkg-systemd-maintainers at lists.alioth.debian.org
Usertags: jessie-backport
The news about systemd crashing when getting a zero sized message on the
notification socket made the rounds recently.

While v215 is not directly affected by this crash (the code to access
messages of length=0 was added in v21), the version in unstable still
gets confused when it receives such a message and basically disables
the notification system. This is bad, because services relying on the
notification system, e.g. using the watchdog functionality, are getting
killed.

The relevant upstream issue is
https://github.com/systemd/systemd/pull/4240

231-9 in unstable already contains this fix.

I would propose to fix this in stable via regular stable update but
would appreciate if the debian-security team would comment on this.
If they would prefer a security upload I'm happy to do that as well.

Regards,
Michael
-- Package-specific info:
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii adduser 3.115
ii libacl1 2.2.52-3
ii libapparmor1 2.10.95-4+b1
ii libaudit1 1:2.6.7-1
ii libblkid1 2.28.2-1
ii libc6 2.24-3
ii libcap2 1:2.25-1
ii libcryptsetup4 2:1.7.0-2
ii libgcrypt20 1.7.3-1
ii libgpg-error0 1.24-1
ii libidn11 1.33-1
ii libip4tc0 1.6.0-3
ii libkmod2 22-1.1
ii liblzma5 5.1.1alpha+20120614-2.1
ii libmount1 2.28.2-1
ii libpam0g 1.1.8-3.3
ii libseccomp2 2.3.1-2
ii libselinux1 2.5-3
ii libsystemd0 231-9
ii mount 2.28.2-1
ii util-linux 2.28.2-1
Versions of packages systemd recommends:
ii dbus 1.10.10-1
ii libpam-systemd 231-9
Versions of packages systemd suggests:
ii policykit-1 0.105-16
ii systemd-container 231-9
pn systemd-ui <none>
Versions of packages systemd is related to:
ii udev 231-9
-- no debconf information
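
The failure mode described in the report, as an added example that is not part of the original message or of systemd's code: a datagram handler that treats a zero-length message as an error stops processing, while one that skips it keeps handling later notifications. The function names and the `tolerant` flag are hypothetical, and the input is constructed over a local socketpair.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read every pending datagram on fd; *handled counts non-empty messages.
 * tolerant=0: an empty datagram aborts the handler with an error (fragile
 * pattern, assumed for illustration). tolerant=1: it is counted, skipped. */
static int drain_notifications(int fd, int tolerant, int *handled, int *empty)
{
    char buf[256];
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)  /* EAGAIN: queue drained; anything else is a real error */
            return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -errno;
        if (n == 0) {  /* a valid zero-length datagram, not end-of-stream */
            if (!tolerant)
                return -ECONNRESET;  /* error return: a caller may stop polling */
            (*empty)++;
            continue;
        }
        (*handled)++;
    }
}

/* Constructed input: READY=1, an empty datagram, WATCHDOG=1 over a socketpair. */
static int run_demo(int tolerant, int *handled, int *empty)
{
    int sv[2], r;
    *handled = *empty = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -errno;
    send(sv[0], "READY=1", 7, 0);
    send(sv[0], "", 0, 0);
    send(sv[0], "WATCHDOG=1", 10, 0);
    r = drain_notifications(sv[1], tolerant, handled, empty);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    int h, e, r = run_demo(1, &h, &e);
    printf("result=%d handled=%d empty=%d\n", r, h, e);
    return 0;
}
```

With `tolerant` set to 0 the same input stops after the first message, so the later `WATCHDOG=1` is never processed.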