669716 – <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)

Bug 669716 - <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)

Summary: <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:	A2 [glsa+ cve]
Keywords:

Depends on:	CVE-2018-15686, CVE-2018-15687
Blocks:	CVE-2018-15688
	Show dependency tree

Reported:	2018-10-26 23:09 UTC by Matthew Thode ( prometheanfire )
Modified:	2018-10-31 15:30 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/systemd/systemd/pull/10518
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Thode ( prometheanfire ) archtester

2018-10-26 23:09:02 UTC

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Reproducible: Always

Comment 1 Larry the Git Cow gentoo-dev

2018-10-28 23:21:20 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9189edf61c8e135c0cd28be3534d7624cafff239

commit 9189edf61c8e135c0cd28be3534d7624cafff239
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-10-28 22:53:46 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-10-28 23:21:05 +0000

    sys-apps/systemd: backport several patches for 239
    
    Closes: https://bugs.gentoo.org/662776
    Bug: https://bugs.gentoo.org/669664
    Bug: https://bugs.gentoo.org/669716
    Package-Manager: Portage-2.3.51_p2, Repoman-2.3.11_p27
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest              |   1 +
 sys-apps/systemd/systemd-239-r2.ebuild | 448 +++++++++++++++++++++++++++++++++
 2 files changed, 449 insertions(+)

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2018-10-30 15:31:54 UTC

Added to an existing GLSA request.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2018-10-30 21:10:47 UTC

This issue was resolved and addressed in
 GLSA 201810-10 at https://security.gentoo.org/glsa/201810-10
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-10-31 15:30:53 UTC

Freeing CVE alias for tracker usage.