Bug#923389: marked as done ([systemd] CVE-2018-15686 not fixed in stretch stable)

Thu, 04 Apr 2019 14:52:07 -0700 

Your message dated Thu, 04 Apr 2019 21:47:16 +0000
with message-id <[email protected]>
and subject line Bug#912005: fixed in systemd 232-25+deb9u10
has caused the Debian Bug report #912005,
regarding [systemd] CVE-2018-15686 not fixed in stretch stable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
912005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912005
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: systemd
Version: 232-25+deb9u9
Severity: grave
Tags: security
X-Debbugs-CC: [email protected]

--- Please enter the report below this line. ---

Hi,
According to https://security-tracker.debian.org/tracker/CVE-2018-15686, the systemd package is still vulnerable.
Are there any plans to backport this fix to the stable version, as it was done for jessie ? 

Best regards,

Jean-Pierre.

--- System information. ---
Architecture:
Kernel: Linux 4.9.0-8-amd64

Debian Release: 9.8
500 stable-updates ftp.fr.debian.org
500 stable security.debian.org
500 stable ftp.fr.debian.org

--- Package information. ---
Depends (Version) | Installed
==============================================-+-============================ 
libacl1 (>= 2.2.51-8) | 2.2.52-3+b1
libapparmor1 (>= 2.9.0-3+exp2) | 2.11.0-3+deb9u2
libaudit1 (>= 1:2.2.1) | 1:2.6.7-2
libblkid1 (>= 2.19.1) | 2.29.2-1+deb9u1
libc6 (>= 2.17) | 2.24-11+deb9u4
libcap2 (>= 1:2.10) | 1:2.25-1
libcryptsetup4 (>= 2:1.4.3) | 2:1.7.3-4
libgcrypt20 (>= 1.7.0) | 1.7.6-2+deb9u3
libgpg-error0 (>= 1.14) | 1.26-2
libidn11 (>= 1.13) | 1.33-1
libip4tc0 (>= 1.6.0+snapshot20161117) | 1.6.0+snapshot20161117-6
libkmod2 (>= 5~) | 23-2
liblz4-1 (>= 0.0~r127) | 0.0~r131-2+b1
liblzma5 (>= 5.1.1alpha+20120614) | 5.2.2-1.2+b1
libmount1 (>= 2.26.2) | 2.29.2-1+deb9u1
libpam0g (>= 0.99.7.1) | 1.1.8-3.6
libseccomp2 (>= 2.3.1) | 2.3.1-2.1+deb9u1
libselinux1 (>= 2.1.9) | 2.6-3+b3
libsystemd0 (= 232-25+deb9u9) | 232-25+deb9u9
util-linux (>= 2.27.1) | 2.29.2-1+deb9u1
mount (>= 2.26) | 2.29.2-1+deb9u1
adduser | 3.115
procps | 2:3.3.12-3+deb9u1


Package Status (Version) | Installed
==============================-+-===========
udev | 232-25+deb9u9
dracut |
initramfs-tools | 0.130


Recommends (Version) | Installed
=============================-+-===========
libpam-systemd | 232-25+deb9u9
dbus | 1.10.26-0+deb9u1


Suggests (Version) | Installed
================================-+-===========
systemd-ui |
systemd-container |
policykit-1 | 0.105-18+deb9u1



--- Output from package bug script ---

--- End Message ---
--- Begin Message --- 
Source: systemd
Source-Version: 232-25+deb9u10

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Mar 2019 15:52:46 +0100
Source: systemd
Architecture: source
Version: 232-25+deb9u10
Distribution: stretch
Urgency: medium
Maintainer: Debian systemd Maintainers 
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 912005 916880 917122 918400
Changes:
 systemd (232-25+deb9u10) stretch; urgency=medium
 .
   * journald: fix assertion failure on journal_file_link_data (Closes: #916880)
   * tmpfiles: fix "e" to support shell style globs (Closes: #918400)
   * mount-util: accept that name_to_handle_at() might fail with EPERM.
     Container managers frequently block name_to_handle_at(), returning
     EACCES or EPERM when this is issued. Accept that, and simply fall back
     to fdinfo-based checks. (Closes: #917122)
   * automount: ack automount requests even when already mounted.
     Fixes a race condition in systemd which could result in automount requests
     not being serviced and processes using them to hang, causing denial of
     service. (CVE-2018-1049)
   * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
     Fixes improper serialization on upgrade which can influence systemd
     execution environment and lead to root privilege escalation.
     (CVE-2018-15686, Closes: #912005)
Checksums-Sha1:
 0d2b66bca4f77fe241a6a86dbb5937c62309a331 4801 systemd_232-25+deb9u10.dsc
 75c8368b5743fceb3796d536d5cac6757a3365c0 221104 
systemd_232-25+deb9u10.debian.tar.xz
 423d25f95a764e175ed41459c9ed328020ea2779 9365 
systemd_232-25+deb9u10_source.buildinfo
Checksums-Sha256:
 5c91567d1243df91e12b52b7f5ce1dac203f4fea3eedd448e6eae2e014fe8667 4801 
systemd_232-25+deb9u10.dsc
 1f815ab415a62ab504084c2166f67e1b5623341ebda8dfe313146eff453df131 221104 
systemd_232-25+deb9u10.debian.tar.xz
 c4167523d962f2591538fbf61e8bf9882182e1c43c4d0cff6cd4cd600b7a4639 9365 
systemd_232-25+deb9u10_source.buildinfo
Files:
 0a3b3ce1e373a23731d5046b96f6f5c2 4801 admin optional systemd_232-25+deb9u10.dsc
 e1c3daf27ee3130b52599c9e1323809d 221104 admin optional 
systemd_232-25+deb9u10.debian.tar.xz
 6de8b6d7e1341d79ec4dc1d0db6ff4e6 9365 admin optional 
systemd_232-25+deb9u10_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAlyjx60ACgkQauHfDWCP
ItyOUA//TDjV84lrFKjQJhZngh3E1f98hPovRhBdoSRO7i7Dgs3XU27nmw/H/B0x
//JNoF5zZlHjwKwdDHmaHD5Y4gZJePz/m39cnXixBrQrVxyCPxXfmeT3C6DaH/gd
rhfakKfyjUR7mQAUecnyKdX/xjKg/HOdVj7Xu/KUgwVUHVJwrjI8YWOsfAVS3Xjk
QIxkBox36DVqPYcpsZVFL2eyIj/9Kzvhco4RJaRQvQQGCg7bO+5X5XlYp7A9yOC9
BUcDGTzCV2KagxkwjnZb1LABdcucbiIKE9yE/6avvbsTghLJIu3n1UahELBFW/kh
6iMKIN+p2DfRL3juDs7f4iuxP3FhIjgjJvauNX7SYR3EoZWtM6OFUZu99g+Pq2Ko
nRsVdt8lVhBF5NSOKfi7uRwqyfMR+Ffo8nOOWAzbbFIlEsfOuGD9DIR9wV4bD0jD
YhE//1smZU26jmAIy3X63s3fh5+W52k08bJqT24Dk9UjMBQWsHNk8UYDccKLgxmi
MdU+9bO18+tuFTAy56HMwKBrYrKfdIiaKMJzoyC64rB7HvZKa5l6dcmtU0IK9WIr
chffgYVO9IAp6Lo0T0QwGVMLtYYNlN3AeOQA48b7tzJ/BAjJwRZ3GnEb6QYPsz/K
ARS/3KakZOQNmXM3yE/QiyMH0w2htm7YsJo6N4dVF1CAQ3AuZHY=
=0oeB
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers

Reply via email to