Your message dated Fri, 02 Nov 2018 22:02:12 +0000
with message-id <[email protected]>
and subject line Bug#912008: fixed in systemd 232-25+deb9u6
has caused the Debian Bug report #912008,
regarding systemd: CVE-2018-15688: Out-of-bounds heap write in systemd-networkd
dhcpv6 option handling
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
912008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912008
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: systemd
Version: 232-25
Severity: important
Tags: security upstream
Control: found -1 232-25+deb9u4
Control: found -1 239-10
Hi,
The following vulnerability was published for systemd.
CVE-2018-15688[0]:
| A buffer overflow vulnerability in the dhcp6 client of systemd allows
| a malicious dhcp6 server to overwrite heap memory in systemd-networkd.
| Affected releases are systemd: versions up to and including 239.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-15688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1639067
[2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921
[3] https://github.com/systemd/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20
Please adjust the affected versions in the BTS as needed, both stretch
up to sid should be affected source wise, we do though not enable
systemd-networkd by default.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 232-25+deb9u6
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 28 Oct 2018 18:02:10 +0100
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote
systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines
libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1
libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 232-25+deb9u6
Distribution: stretch
Urgency: medium
Maintainer: Debian systemd Maintainers <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
libnss-myhostname - nss module providing fallback resolution for the current hostname
libnss-mymachines - nss module to resolve hostnames for local container instances
libnss-resolve - nss module to resolve names via systemd-resolved
libnss-systemd - nss module providing dynamic user and group name resolution
libpam-systemd - system and service manager - PAM module
libsystemd-dev - systemd utility library - development files
libsystemd0 - systemd utility library
libudev-dev - libudev development files
libudev1 - libudev shared library
libudev1-udeb - libudev shared library (udeb)
systemd - system and service manager
systemd-container - systemd container/nspawn tools
systemd-coredump - tools for storing and retrieving coredumps
systemd-journal-remote - tools for sending and receiving remote journal logs
systemd-sysv - system and service manager - SysV links
udev - /dev/ and hotplug management daemon
udev-udeb - /dev/ and hotplug management daemon (udeb)
Closes: 912008
Changes:
systemd (232-25+deb9u6) stretch; urgency=medium
.
* dhcp6: Make sure we have enough space for the DHCP6 option header.
Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
handling.
(CVE-2018-15688, LP: #1795921, Closes: #912008)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
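The changelog entry above describes the fix as making sure there is enough space for the DHCP6 option header. The following is an added example, not part of the thread and not systemd's code: a bounds-checked append for a DHCPv6-style option (4-byte header of 16-bit code and 16-bit length, then payload). The names `opt_append` and `demo_append`, the 16-byte buffer and the payload sizes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_HDR_LEN 4u /* DHCPv6 option header: 16-bit code + 16-bit length */

/* Hypothetical helper, not systemd's code: append one option at *buf,
 * which has *buflen bytes left, and advance the cursor. */
static int opt_append(uint8_t **buf, size_t *buflen, uint16_t code,
                      const void *data, size_t optlen) {
    if (!buf || !*buf || !buflen || (optlen > 0 && !data) || optlen > UINT16_MAX)
        return -EINVAL;
    /* Require room for header AND payload. A check of only
     * "*buflen < optlen" ignores the 4 header bytes, so a payload that
     * just fits would be written past the end of the buffer. */
    if (*buflen < OPT_HDR_LEN || *buflen - OPT_HDR_LEN < optlen)
        return -ENOBUFS;

    (*buf)[0] = (uint8_t)(code >> 8);      /* option code, network order */
    (*buf)[1] = (uint8_t)(code & 0xff);
    (*buf)[2] = (uint8_t)(optlen >> 8);    /* payload length, network order */
    (*buf)[3] = (uint8_t)(optlen & 0xff);
    if (optlen > 0)
        memcpy(*buf + OPT_HDR_LEN, data, optlen);

    *buf += OPT_HDR_LEN + optlen;
    *buflen -= OPT_HDR_LEN + optlen;
    return 0;
}

/* Constructed demo: append one option into a 16-byte buffer. */
static int demo_append(size_t optlen, size_t *left) {
    uint8_t storage[16], payload[16] = {0};
    uint8_t *cur = storage;
    size_t remaining = sizeof storage;
    int r = opt_append(&cur, &remaining, 3 /* sample option code */, payload, optlen);
    *left = remaining;
    return r;
}

int main(void) {
    size_t sizes[] = {12, 13, 16}, left;
    for (size_t i = 0; i < 3; i++) {
        int r = demo_append(sizes[i], &left);
        printf("optlen=%zu -> r=%d, left=%zu\n", sizes[i], r, left);
    }
    return 0;
}
```

A 16-byte payload equals the buffer size, so a payload-only comparison would accept it; the header-inclusive check rejects it and leaves the buffer untouched.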
_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers