
Bug#839607: Robustify manager_dispatch_notify_fd()



Package: systemd
Version: 215-17+deb8u5
Severity: important
User: pkg-systemd-maintainers@lists.alioth.debian.org
Usertags: jessie-backport

The news about systemd crashing when getting a zero sized message on the
notification socket made the rounds recently.
While v215 is not directly affected by this crash (the code to access
messages of length=0 was added in v21), the version in unstable still
gets confused when it receives such a message and basically disables
the notification system. This is bad, because services relying on the
notification system, e.g. using the watchdog functionality, are getting
killed.

The relevant upstream issue is
https://github.com/systemd/systemd/pull/4240

231-9 in unstable already contains this fix.

I would propose to fix this in stable via regular stable update but
would appreciate if the debian-security team would comment on this.
If they would prefer a security upload I'm happy to do that as well.


Regards,
Michael



-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.115
ii  libacl1         2.2.52-3
ii  libapparmor1    2.10.95-4+b1
ii  libaudit1       1:2.6.7-1
ii  libblkid1       2.28.2-1
ii  libc6           2.24-3
ii  libcap2         1:2.25-1
ii  libcryptsetup4  2:1.7.0-2
ii  libgcrypt20     1.7.3-1
ii  libgpg-error0   1.24-1
ii  libidn11        1.33-1
ii  libip4tc0       1.6.0-3
ii  libkmod2        22-1.1
ii  liblzma5        5.1.1alpha+20120614-2.1
ii  libmount1       2.28.2-1
ii  libpam0g        1.1.8-3.3
ii  libseccomp2     2.3.1-2
ii  libselinux1     2.5-3
ii  libsystemd0     231-9
ii  mount           2.28.2-1
ii  util-linux      2.28.2-1

Versions of packages systemd recommends:
ii  dbus            1.10.10-1
ii  libpam-systemd  231-9

Versions of packages systemd suggests:
ii  policykit-1        0.105-16
ii  systemd-container  231-9
pn  systemd-ui         <none>

Versions of packages systemd is related to:
ii  udev  231-9

-- no debconf information
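
An added sketch (not systemd's code and not the patch from the upstream pull request) of a datagram handler that keeps working after a zero-length message on its socket. The function names, the socketpair and the sample messages are constructed for illustration, and it assumes an event loop that disables a source whose handler returns a negative value.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names; this is not systemd code. */
enum { NOTIFY_IGNORED = 0, NOTIFY_HANDLED = 1 };

/* Read one datagram from fd into out. Never returns a negative value, so an
 * event loop that disables a source on error (assumed here) cannot be made
 * to switch notifications off by a peer sending unusable input. */
static int dispatch_notify(int fd, char *out, size_t outsz) {
    char buf[4096];
    ssize_t n = recv(fd, buf, sizeof(buf) - 1, MSG_DONTWAIT);

    if (n < 0)   /* EAGAIN, EINTR or a real error: nothing to process now */
        return NOTIFY_IGNORED;
    if (n == 0)  /* empty datagram: legal on SOCK_DGRAM and not EOF, drop it */
        return NOTIFY_IGNORED;
    if (memchr(buf, '\0', (size_t)n))  /* embedded NUL: malformed, drop it */
        return NOTIFY_IGNORED;

    buf[n] = '\0';
    snprintf(out, outsz, "%s", buf);
    return NOTIFY_HANDLED;
}

/* Constructed scenario: an empty datagram followed by a watchdog keep-alive.
 * Returns 1 if the empty one is ignored and the keep-alive is still handled. */
static int demo(void) {
    int sv[2], first, second;
    char msg[64] = "";

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    send(sv[1], "", 0, 0);
    send(sv[1], "WATCHDOG=1", 10, 0);
    first = dispatch_notify(sv[0], msg, sizeof(msg));
    second = dispatch_notify(sv[0], msg, sizeof(msg));
    close(sv[0]);
    close(sv[1]);
    return first == NOTIFY_IGNORED && second == NOTIFY_HANDLED &&
           strcmp(msg, "WATCHDOG=1") == 0;
}

int main(void) {
    printf("keep-alive handled after empty datagram: %d\n", demo());
    return 0;
}
```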

