831207 – Vulnerabilities in sys-apps/systemd allow for a PID 1 crash

Bug 831207 - Vulnerabilities in sys-apps/systemd allow for a PID 1 crash

Summary: Vulnerabilities in sys-apps/systemd allow for a PID 1 crash

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-01-14 19:19 UTC by 489508
Modified:	2022-01-14 19:28 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 489508 2022-01-14 19:19:41 UTC

As you might know, there is a large security bug in systemd that allows users to crash PID 1, and such, temporarily bork the system (system is borked until reinit). The fallout of this could cause people to lose their work, cause filesystem journals to be corrupted, and the output of replays corrupted, and just all kinds of nasty fallout from a crash. This could cause problems in people's everyday lives. If you did not issue a GLSA, most Gentoo users will probably be vulnerable.

Comment 1 Mike Gilbert gentoo-dev

2022-01-14 19:23:56 UTC

This bug contains no useful information.

If you are reporting a vulnerability, please include all relevant information.

Comment 2 Sam James archtester

2022-01-14 19:28:16 UTC

As floppym says, I have no idea what you're referring to here.

You may be referring to bug 830967 (although this is actually exploitable in pretty limited situations), but in any case, we need details and ideally a link to an upstream bug report, or at least a CVE number.

It's already fixed in stable Gentoo too.

GLSA publication is aimed to be resumed soon after some tooling difficulties we've experienced. It's being worked on.