This bug was fixed in the package systemd - 245.4-4ubuntu3.10

---------------
systemd (245.4-4ubuntu3.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via DHCP FORCERENEW
    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <[email protected]>  Tue, 20 Jul 2021 07:39:51 -0400

** Changed in: systemd (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13529

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33910

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1933402

Title:
  net card set VF and altname display blurred character

Status in kunpeng920:
  Fix Committed
Status in kunpeng920 ubuntu-20.04-hwe series:
  Fix Committed
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Focal:
  Fix Released
Status in systemd source package in Groovy:
  Fix Released
Status in systemd source package in Hirsute:
  Fix Released
Status in systemd source package in Impish:
  Fix Released

Bug description:
  [Impact]
  When running with the HWE kernel (5.4 didn't support altnames), altnames
  containing garbage (uninitialized memory) may get assigned to a NIC. This is
  100% reproducible on arm64. The upstream commit message suggests that this has
  been seen to cause segfaults.

  [Test Case]
  1) echo 1 > /sys/class/net/enp189s0f0/device/sriov_numvfs
  2) ip a
  3)
  10: eno1v0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether 1e:d8:e1:e9:ae:25 brd ff:ff:ff:ff:ff:ff
      altname @▒ު▒
      altname enp125s0f0v0
  11: enp189s0f0v0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether 76:ea:f4:65:dd:33 brd ff:ff:ff:ff:ff:ff
      altname ▒b▒ު▒
      altname ▒▒▒▒▒▒

  [Fix]
  There's a one liner upstream fix that simply initializes a variable:
  https://github.com/systemd/systemd/commit/61fd7d6720c562c88ab79062ff8d131e5e3c7b1b

  [What Could Go Wrong]
  The fix itself is innocuous - just initializing a variable to NULL. So the
  real risk here would seem to be limited to the common risks in updating a core
  package in the Ubuntu distribution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/kunpeng920/+bug/1933402/+subscriptions
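
A check that could be run before and after installing the fixed package, added here as an example and not part of the bug report or of systemd: it parses `ip a` text output and reports altnames that do not look like udev-generated names. The function name, the regular expressions and the plain-ASCII heuristic are assumptions of this example; the sample input is constructed from the test-case output in the report.

```python
#!/usr/bin/env python3
"""Flag altnames in `ip a` output that look like uninitialized memory."""
import re
import sys

# Heuristic (assumption of this example): names generated by udev, such as
# "enp125s0f0v0", are plain-ASCII strings of at most 127 characters.
PLAUSIBLE = re.compile(r"[A-Za-z0-9_.-]{1,127}")
IFACE = re.compile(r"^\d+:\s+([^:@\s]+)")
ALTNAME = re.compile(r"^\s+altname (.*)$")

# Constructed from the test-case output in the report; the \u escapes stand
# for the garbage characters as the terminal rendered them.
SAMPLE = (
    "10: eno1v0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN "
    "group default qlen 1000\n"
    "    link/ether 1e:d8:e1:e9:ae:25 brd ff:ff:ff:ff:ff:ff\n"
    "    altname @\u2592\u07aa\u2592\n"
    "    altname enp125s0f0v0\n"
    "11: enp189s0f0v0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN "
    "group default qlen 1000\n"
    "    link/ether 76:ea:f4:65:dd:33 brd ff:ff:ff:ff:ff:ff\n"
    "    altname \u2592b\u2592\u07aa\u2592\n"
    "    altname \u2592\u2592\u2592\u2592\u2592\u2592\n"
).encode("utf-8")


def suspicious_altnames(ip_output: bytes):
    """Return [(interface, altname)] for altnames failing the heuristic."""
    # Garbage bytes may not be valid UTF-8: keep them visible as \xNN.
    text = ip_output.decode("utf-8", errors="backslashreplace")
    findings, iface = [], None
    # split("\n"), not splitlines(): stray control bytes must not split a line.
    for line in text.split("\n"):
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ALTNAME.match(line)
        if m and not PLAUSIBLE.fullmatch(m.group(1)):
            findings.append((iface, m.group(1)))
    return findings


if __name__ == "__main__":
    # Usage: ip a | python3 check_altnames.py   (without a pipe: uses SAMPLE)
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.buffer.read()
    hits = suspicious_altnames(data)
    for iface, name in hits:
        print(f"{iface}: suspicious altname {ascii(name)}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any altname fails the heuristic, so it can gate a post-upgrade check on hosts that create VFs.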
