Summary: | <sys-apps/systemd-{248.5, 249.1}: Denial of service (stack exhaustion) in systemd (PID 1) (CVE-2021-33910) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kenton Groombridge <concord> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | systemd |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/07/20/2 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
sys-apps/systemd-248.5
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 789399 |
Description
Kenton Groombridge
2021-07-20 13:03:11 UTC
(In reply to Sam James from comment #1) > Fixed in https://github.com/systemd/systemd-stable/releases/tag/v249.1. (and 248.5) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff18c8e63c649d4e2dd4d7b195ca4defd85aa19d commit ff18c8e63c649d4e2dd4d7b195ca4defd85aa19d Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2021-07-20 15:48:36 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2021-07-20 15:48:36 +0000 sys-apps/systemd: security bump to 248.5, 249.1 Bug: https://bugs.gentoo.org/803041 Signed-off-by: Mike Gilbert <floppym@gentoo.org> sys-apps/systemd/Manifest | 3 +- sys-apps/systemd/systemd-248.5.ebuild | 523 +++++++++++++++++++++ ...{systemd-249-r3.ebuild => systemd-249.1.ebuild} | 1 - 3 files changed, 525 insertions(+), 2 deletions(-) amd64 done x86 done ppc done ppc64 done sparc done GLSA request filed. arm64 done arm done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45552ee6b4e67a0915e8064b00fe0feda67a87de commit 45552ee6b4e67a0915e8064b00fe0feda67a87de Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2021-07-20 19:19:27 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2021-07-20 19:19:27 +0000 sys-apps/systemd: drop 248.3-r1 Bug: https://bugs.gentoo.org/803041 Signed-off-by: Mike Gilbert <floppym@gentoo.org> sys-apps/systemd/Manifest | 1 - .../files/249-hostnamed-error-variable.patch | 50 -- sys-apps/systemd/files/gentoo-pam.patch | 33 -- sys-apps/systemd/systemd-248.3-r1.ebuild | 520 --------------------- 4 files changed, 604 deletions(-) This issue was resolved and addressed in GLSA 202107-48 at https://security.gentoo.org/glsa/202107-48 by GLSA coordinator Sam James (sam_c). All done. |