Summary: | =sys-apps/systemd-{37,38}-r*: X11 Session File Creation Weakness (CVE-2012-0871) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | systemd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/48208/ | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-03-02 20:20:32 UTC
I see two solutions here. Either: a) mask older systemd versions (=> all systemd versions in tree will be hard-masked for one reason or other), b) backport a patch. Could you point to a specific commit in systemd git? From Novell's bug tracker (https://bugzilla.novell.com/show_bug.cgi?id=747154): http://cgit.freedesktop.org/systemd/systemd/commit/?id=fc3c1c6e091ea16ad5600b145201ec535bbb5d7c (In reply to comment #1) > Could you point to a specific commit in systemd git? Btw, this issue is fixed in systemd-39. I guess you can backport it in our ~arch version. Ah, it's in logind. I guess that would make only our -37 & -38 vulnerable. Will it be enough to drop the offending versions? And removed. Great, thank you. Closing noglsa. |