Univention Bugzilla – Bug 47509
systemd: Multiple issues (4.3)
Last modified: 2018-08-15 13:14:51 CEST
New Debian systemd 232-25+deb9u4A~4.3.1.201808081329 fixes: This update addresses the following issue(s): * CVE_2013-4392 is open * In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. (CVE-2017-15908) CVE_2017-18078 is open CVE_2017-1000082 is open CVE_2018-1049 is open CVE_2018-6954 is open 232-25+deb9u4 (Wed, 13 Jun 2018 22:20:36 +0200) * core/load-fragment: Add RemoveIPC= Allow RemoveIPC= to be set in the unit file not only via D-Bus. * nspawn: Add missing -E to getopt_long. The -E alias for --setenv in systemd-nspawn was not working as documented. This commit fixes that by adding -E to getopt_long. * login: Respect --no-wall when cancelling a shutdown request 232-25+deb9u3 (Fri, 23 Mar 2018 13:55:43 +0100) [ Cyril Brulebois ] * networkd-ndisc: Handle missing mtu gracefully. The previous upload made networkd respect the MTU field in IPv6 RA but unfortunately broke setups where there's no such field. 232-25+deb9u2 (Sun, 03 Dec 2017 15:03:50 +0100) * networkd: Handle MTU field in IPv6 RA * shared: Add a linker script so that all functions are tagged @SD_SHARED instead of @Base. This helps prevent symbol collisions with other programs and libraries. In particular, because PAM modules are loaded into the process that is creating the session, and systemd creates PAM sessions, the potential for collisions is high. * resolved: Fix loop on packets with pseudo dns types. CVE-2017-15908 * machinectl: Don't output "No machines." with --no-legend option * CVE-2017-15908 systemd: Infinite loop in the dns_packet_read_type_window() function (CVE-2017-15908)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/systemd_232-25+deb9u1A~4.3.0.201711221833.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/systemd_232-25+deb9u4A~4.3.1.201808081329.dsc @@ -1,8 +1,41 @@ -232-25+deb9u1A~4.3.0.201711221833 [Wed, 22 Nov 2017 19:02:08 +0100] Univention builddaemon <buildd@univention.de>: +232-25+deb9u4A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:29:29 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-fix-ftbfs 10-ignore-ucs-divered + +232-25+deb9u4 [Wed, 13 Jun 2018 22:20:36 +0200] Michael Biebl <biebl@debian.org>: + + * core/load-fragment: Add RemoveIPC= + Allow RemoveIPC= to be set in the unit file not only via D-Bus. + (Closes: #892829) + * nspawn: Add missing -E to getopt_long. + The -E alias for --setenv in systemd-nspawn was not working as + documented. This commit fixes that by adding -E to getopt_long. + (Closes: #895798) + * login: Respect --no-wall when cancelling a shutdown request + (Closes: #897938) + +232-25+deb9u3 [Fri, 23 Mar 2018 13:55:43 +0100] Michael Biebl <biebl@debian.org>: + + [ Cyril Brulebois ] + * networkd-ndisc: Handle missing mtu gracefully. + The previous upload made networkd respect the MTU field in IPv6 RA but + unfortunately broke setups where there's no such field. (Closes: #892794) + +232-25+deb9u2 [Sun, 03 Dec 2017 15:03:50 +0100] Michael Biebl <biebl@debian.org>: + + * networkd: Handle MTU field in IPv6 RA (Closes: #878162) + * shared: Add a linker script so that all functions are tagged @SD_SHARED + instead of @Base. + This helps prevent symbol collisions with other programs and libraries. + In particular, because PAM modules are loaded into the process that is + creating the session, and systemd creates PAM sessions, the potential + for collisions is high. (Closes: #873708) + * resolved: Fix loop on packets with pseudo dns types. + CVE-2017-15908 (Closes: #880026) + * machinectl: Don't output "No machines." with --no-legend option + (Closes: #880158) 232-25+deb9u1 [Wed, 05 Jul 2017 22:31:25 +0200] Michael Biebl <biebl@debian.org>: <http://10.200.17.11/4.3-1/#72240414498169436>
OK: patches OK: piuparts OK: yaml OK: errata-announce systemd.yaml [4.3-1] dfc12640fd Bug #47509: systemd 232-25+deb9u4A~4.3.1.201808081329 doc/errata/staging/systemd.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/197.html>