[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#924255: marked as done (stretch-pu: package systemd/232-25+deb9u10)

Your message dated Sat, 27 Apr 2019 11:14:32 +0100
with message-id <1556360072.2690.35.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.9
has caused the Debian Bug report #924255,
regarding stretch-pu: package systemd/232-25+deb9u10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924255: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924255
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to make a stable upload for systemd, fixing 5 separate issues.
Two of them have a CVE.

The changelog is

systemd (232-25+deb9u10) stretch; urgency=medium

  * journald: fix assertion failure on journal_file_link_data (Closes: #916880)

https://salsa.debian.org/systemd-team/systemd/commit/67a3135d9c9b66b64544dd96a6741a86058ba7a8

  * tmpfiles: fix "e" to support shell style globs (Closes: #918400)

https://salsa.debian.org/systemd-team/systemd/commit/a1f9aa01624edc01bbbf50203fd35dd261d7480f

  * mount-util: accept that name_to_handle_at() might fail with EPERM.
    Container managers frequently block name_to_handle_at(), returning
    EACCES or EPERM when this is issued. Accept that, and simply fall back
    to fdinfo-based checks. (Closes: #917122)

https://salsa.debian.org/systemd-team/systemd/commit/169eb2b486b832ef88746e9d25c4b181cabac5c2

  * automount: ack automount requests even when already mounted.
    Fixes a race condition in systemd which could result in automount requests
    not being serviced and processes using them to hang, causing denial of
    service. (CVE-2018-1049)

https://salsa.debian.org/systemd-team/systemd/commit/2cae426a3e753f74ec8e829217dc9090abcfcf4d

  * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
    Fixes improper serialization on upgrade which can influence systemd
    execution environment and lead to root privilege escalation.
    (CVE-2018-15686, Closes: #912005)

https://salsa.debian.org/systemd-team/systemd/commit/82a114295a4ef123925d02081255fe88bec4867c


The fix for CVE-2018-15686/#912005 is the most invasive one. I based it
partially on what was uploaded to old-stable by the debian-lts team.
With this patch applied, the demo exploit from [1] no longer causes
systemctl stop to hang.
That said, I would appreciate a second pair of eyes to look over the
patch.

As usual, KiBi is in CC as we build a udeb. Though the code changes
above should not affect udev.

Regards,
Michael


[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1687


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
Version: 9.9

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
Reply to: