Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 669716 - <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)
Summary: <sys-apps/systemd-239-r2: Out-of-bounds heap write in systemd-networkd dhcpv6...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: CVE-2018-15686, CVE-2018-15687
Blocks: CVE-2018-15688
  Show dependency tree
 
Reported: 2018-10-26 23:09 UTC by Matthew Thode ( prometheanfire )
Modified: 2018-10-31 15:30 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-10-26 23:09:02 UTC
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2018-10-28 23:21:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9189edf61c8e135c0cd28be3534d7624cafff239

commit 9189edf61c8e135c0cd28be3534d7624cafff239
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-10-28 22:53:46 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-10-28 23:21:05 +0000

    sys-apps/systemd: backport several patches for 239
    
    Closes: https://bugs.gentoo.org/662776
    Bug: https://bugs.gentoo.org/669664
    Bug: https://bugs.gentoo.org/669716
    Package-Manager: Portage-2.3.51_p2, Repoman-2.3.11_p27
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest              |   1 +
 sys-apps/systemd/systemd-239-r2.ebuild | 448 +++++++++++++++++++++++++++++++++
 2 files changed, 449 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-30 15:31:54 UTC
Added to an existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:10:47 UTC
This issue was resolved and addressed in
 GLSA 201810-10 at https://security.gentoo.org/glsa/201810-10
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-31 15:30:53 UTC
Freeing CVE alias for tracker usage.