Univention Bugzilla – Bug 48759
systemd: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:05 CET
New Debian systemd 232-25+deb9u9A~4.3.3.201902261122 fixes: This update addresses the following issue: * Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)
--- mirror/ftp/4.3/unmaintained/component/4.3-3-errata/source/systemd_232-25+deb9u8A~4.3.3.201901211455.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/systemd_232-25+deb9u9A~4.3.3.201902261122.dsc @@ -1,8 +1,17 @@ -232-25+deb9u8A~4.3.3.201901211455 [Mon, 21 Jan 2019 14:56:52 +0100] Univention builddaemon <buildd@univention.de>: +232-25+deb9u9A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:23:07 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-fix-ftbfs 10-ignore-ucs-divered + +232-25+deb9u9 [Sun, 17 Feb 2019 09:22:58 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit + (CVE-2019-6454) + * Allocate temporary strings to hold dbus paths on the heap (CVE-2019-6454) + * sd-bus: if we receive an invalid dbus message, ignore and proceeed + (CVE-2019-6454) 232-25+deb9u8 [Tue, 15 Jan 2019 10:59:43 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.3-3/#4688407167540299155>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 65729b34aa Bug #48759: systemd 232-25+deb9u9A~4.3.3.201902261122 doc/errata/staging/systemd.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/443.html>