Summary: | <sys-apps/systemd-244.3: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | systemd |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://seclists.org/oss-sec/2020/q1/58 | ||
Whiteboard: | A1 [glsa+ cve] | ||
Package list: |
sys-apps/systemd-244.3
|
Runtime testing required: | --- |
Description
filip ambroz
2020-02-09 10:04:24 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=267b6228821f17cd90562dae89614fb697b4ff9f commit 267b6228821f17cd90562dae89614fb697b4ff9f Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2020-02-09 15:13:27 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-02-09 15:15:10 +0000 sys-apps/systemd: bump to 244.2 Bug: https://bugs.gentoo.org/708806 Package-Manager: Portage-2.3.87_p10, Repoman-2.3.20_p57 Signed-off-by: Mike Gilbert <floppym@gentoo.org> sys-apps/systemd/Manifest | 1 + sys-apps/systemd/systemd-244.2.ebuild | 508 ++++++++++++++++++++++++++++++++++ sys-apps/systemd/systemd-9999.ebuild | 9 +- 3 files changed, 516 insertions(+), 2 deletions(-) sys-apps/systemd-244.2 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7156f31c6ab4a26e85a2addfbebd98dbb5fadbf3 commit 7156f31c6ab4a26e85a2addfbebd98dbb5fadbf3 Author: Richard Freeman <rich0@gentoo.org> AuthorDate: 2020-02-10 02:37:22 +0000 Commit: Richard Freeman <rich0@gentoo.org> CommitDate: 2020-02-10 02:37:22 +0000 sys-apps/systemd: amd64 stable Bug: https://bugs.gentoo.org/708806 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Richard Freeman <rich0@gentoo.org> sys-apps/systemd/systemd-244.2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ia64 stable x86 stable Updating to 244.3, which fixes a regression in udev (bug 710002). ppc64 stable sparc stable arm stable New GLSA request filed. This issue was resolved and addressed in GLSA 202003-20 at https://security.gentoo.org/glsa/202003-20 by GLSA coordinator Thomas Deutschmann (whissi). Re-opening for remaining architectures. arm64 stable @ppc: ping @ppc: ping ppc stable @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33eed1b877eea0d533760a7cec37fb2ea37c57d0 commit 33eed1b877eea0d533760a7cec37fb2ea37c57d0 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2020-06-11 02:29:00 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2020-06-11 02:29:53 +0000 sys-apps/systemd: remove old Bug: https://bugs.gentoo.org/708806 Signed-off-by: Mike Gilbert <floppym@gentoo.org> sys-apps/systemd/Manifest | 1 - sys-apps/systemd/files/244-efi-gcc-10.patch | 40 --- sys-apps/systemd/systemd-244.ebuild | 503 ---------------------------- 3 files changed, 544 deletions(-) All done, thanks! |