This bug was fixed in the package systemd - 237-3ubuntu10.11 --------------- systemd (237-3ubuntu10.11) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec entry for process commandline on the stack - CVE-2018-16864 * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the number of fields (1k) - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the number of fields in a message - CVE-2018-16865 * SECURITY UPDATE: out-of-bounds read in journald - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier() - CVE-2018-16866 * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch - update debian/patches/series * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch - update debian/patches/series -- Chris Coulson <chris.coul...@canonical.com> Wed, 09 Jan 2019 15:11:53 +0000 ** Changed in: systemd (Ubuntu Bionic) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16864 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16865 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16866 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1804864 Title: autopkgtest regression TEST-22-TMPFILES are not executable Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Bionic: Fix Released Status in systemd source package in Cosmic: Fix Committed Bug description: [Impact] * Newly added testcase in a security upload used a traditional GNU patch format, instead of using extended git patch format, as supported by GNU patch. Therefore, executable bits on shells scripts were lost, resulting in autopkgtest failures. [Test Case] * `upstream` test/TEST-22-TMPFILES autopkgtest case should pass. [Regression Potential] * This is testcode change only. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804864/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp