
Bug 595476 (CVE-2016-7795, CVE-2016-7796)

Summary: <sys-apps/systemd-233-r1: local user DoS
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: alexander, systemd
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
=sys-libs/libseccomp-2.3.2 amd64 arm ppc ppc64 x86 =sys-apps/systemd-233-r1
Runtime testing required: Yes
Bug Depends on: 598992, 599152, 606422, 622874    
Bug Blocks: 579506, 605022    

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-09-28 22:07:53 UTC
From ${URL}:
systemd[1] fails an assertion in manager_invoke_notify_message[2] when
a zero-length message is received over its notification socket.
After failing the assertion, PID 1 hangs in the pause system call.
It is no longer possible to start and stop daemons or cleanly reboot
the system. Inetd-style services managed by systemd no longer accept

Since the notification socket, /run/systemd/notify, is world-writable,
this allows a local user to perform a denial-of-service attack against


        NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

This vulnerability is present in all versions of systemd since at
least v209[3].

This has been reported to systemd.[4]
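
The failure mode described in the report above is a datagram receiver treating a zero-length message as impossible. The following is an added example, not systemd's code and not part of the original report: a minimal receiver that treats an empty datagram as untrusted input to drop. The names `handle_notify`, `deliver` and `notify_result` are hypothetical, and the socket is a local socketpair rather than /run/systemd/notify.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum notify_result { NOTIFY_ERROR = -1, NOTIFY_IGNORED = 0, NOTIFY_HANDLED = 1 };

/* Hypothetical handler: read one datagram from fd and classify it.
 * On SOCK_DGRAM a zero-length datagram is a legal message, so n == 0
 * is input to be dropped, never a condition to assert on. */
static enum notify_result handle_notify(int fd, char *out, size_t outsz) {
    char buf[4096];
    ssize_t n = recv(fd, buf, sizeof(buf) - 1, MSG_DONTWAIT);
    if (n < 0)
        return NOTIFY_ERROR;            /* transient or real error: report it */
    if (n == 0)
        return NOTIFY_IGNORED;          /* empty datagram from any local sender */
    buf[n] = '\0';
    if (strchr(buf, '=') == NULL)
        return NOTIFY_IGNORED;          /* not a KEY=VALUE notification */
    snprintf(out, outsz, "%s", buf);
    return NOTIFY_HANDLED;
}

/* Constructed self-test: send len bytes of msg over a local
 * AF_UNIX datagram socketpair and run the handler on the other end. */
static enum notify_result deliver(const char *msg, size_t len,
                                  char *out, size_t outsz) {
    int sv[2];
    enum notify_result r;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return NOTIFY_ERROR;
    if (send(sv[0], msg, len, 0) < 0)
        r = NOTIFY_ERROR;
    else
        r = handle_notify(sv[1], out, outsz);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void) {
    char out[4096] = "";
    printf("empty datagram -> %d\n", deliver("", 0, out, sizeof out));
    printf("READY=1        -> %d (%s)\n",
           deliver("READY=1", 7, out, sizeof out), out);
    return 0;
}
```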

Comment 2 Mike Gilbert gentoo-dev 2016-09-29 14:24:45 UTC
There's still some chatter on this upstream. I'm waiting a bit to see if this PR gets merged.
Comment 3 Mike Gilbert gentoo-dev 2016-09-30 01:39:14 UTC
Backporting the fix(es) to systemd-226 is non-trivial.

systemd-231 has some regressions, the fixes for which are also non-trivial backports.

I would prefer to wait for upstream to release systemd-232 to resolve this.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-18 16:24:41 UTC
The PR was merged and the first release containing the fix was =sys-apps/systemd-232, which already landed in the Gentoo repository:

@ maintainer(s): Please tell us how to proceed. Is systemd-232 ready for stabilization?
Comment 5 Mike Gilbert gentoo-dev 2016-11-18 16:48:21 UTC
(In reply to Thomas Deutschmann from comment #4)
> @ maintainer(s): Please tell us how to proceed. Is systemd-232 ready for
> stabilization?

No, systemd-232 introduced additional regressions and is not fit for stabilization.

See bug 598992, bug 599152.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2017-04-21 00:39:54 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 7 Mike Gilbert gentoo-dev 2017-04-21 01:17:24 UTC
Let's proceed with systemd-233-r1.

I have taken the liberty of adding sys-libs/libseccomp to the package list to satisfy a dependency.
Comment 8 Agostino Sarubbo gentoo-dev 2017-04-23 21:23:24 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2017-04-27 10:36:55 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-04-27 11:23:41 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2017-04-29 15:02:32 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2017-04-30 09:37:25 UTC
ppc64 stable
Comment 13 Tobias Klausmann (RETIRED) gentoo-dev 2017-05-22 17:30:45 UTC
Stable on alpha.
Comment 14 Agostino Sarubbo gentoo-dev 2017-06-10 15:11:06 UTC
ia64 stable
Comment 15 Mike Gilbert gentoo-dev 2017-06-28 17:07:13 UTC
arm should now stabilize 233-r2 instead (bug 622874).
Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2017-10-08 19:50:10 UTC
GLSA Vote: No