Bug 669716 - <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2 [glsa+ cve]
Depends on: CVE-2018-15686, CVE-2018-15687
Blocks: CVE-2018-15688
Reported: 2018-10-26 23:09 UTC by Matthew Thode ( prometheanfire )
Modified: 2018-10-31 15:30 UTC
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-10-26 23:09:02 UTC
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2018-10-28 23:21:20 UTC
The bug has been referenced in the following commit(s):

commit 9189edf61c8e135c0cd28be3534d7624cafff239
Author:     Mike Gilbert <>
AuthorDate: 2018-10-28 22:53:46 +0000
Commit:     Mike Gilbert <>
CommitDate: 2018-10-28 23:21:05 +0000

    sys-apps/systemd: backport several patches for 239
    Package-Manager: Portage-2.3.51_p2, Repoman-2.3.11_p27
    Signed-off-by: Mike Gilbert <>

 sys-apps/systemd/Manifest              |   1 +
 sys-apps/systemd/systemd-239-r2.ebuild | 448 +++++++++++++++++++++++++++++++++
 2 files changed, 449 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-30 15:31:54 UTC
Added to an existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:10:47 UTC
This issue was resolved and addressed in
 GLSA 201810-10 at
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-31 15:30:53 UTC
Freeing CVE alias for tracker usage.