--- Begin Message ---
Hi Ian,
Here's the email about systemd security holes that I kept forgetting to send
you. I hope it's (still) useful.
The debian-devel post I was thinking of is <441543.92540.bm@smtp118.mail.ir2.yahoo.com>
but it actually only mentions three vulnerabilities; there's a more complete
list of the ones that have affected Debian at
https://security-tracker.debian.org/tracker/source-package/systemd
Here's a short summary along with the redhat bug numbers (since the redhat BTS
seems to be the place to go for systemd information):

CVE        Summary                                 Debian BTS  Redhat
2012-0871  systemd-logind insecure file creation   ?           795853
2012-1101  DoS from systemctl status               662029      799902
2012-1174  TOCTOU deletion race in systemd-logind  664364      803358
2013-4327  insecure use of polkit                  723713      1006680
2013-4391  systemd journald integer overflow       725357      859051
2013-4392  TOCTOU race updating file perms         725357      859060
2013-4393  systemd journald DoS                    725357      859104
2013-4394  improper sanitization of XKB layouts    725357      862324

I think the "really bad one to do with remote connection" the guy on
debian-devel was thinking of is CVE-2013-4391 which mentions possible
arbitrary code execution from a "specially crafted packet" but I'm not sure
under what conditions it would be triggerable over IP, I guess you might have
had to set up your system as a remote journald server.
The bug I mentioned, the one where bad data in its binary log files causes journald
to go mad and eventually fill up /var with junk, is
https://bugzilla.redhat.com/show_bug.cgi?id=974132
and is apparently still not fixed.
Generally the RedHat BTS at
https://bugzilla.redhat.com/buglist.cgi?quicksearch=Component:systemd
and
https://bugzilla.redhat.com/buglist.cgi?quicksearch=Component:systemd+Status:CLOSED
make alarming reading.
Hope this helps,
Andrew
--- End Message ---