Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 887581 (CVE-2022-4415) - <sys-apps/systemd-{251.10,252.4}: local information leak
Summary: <sys-apps/systemd-{251.10,252.4}: local information leak
Status: RESOLVED FIXED
Alias: CVE-2022-4415
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: A4 [glsa+]
Keywords:
Depends on: 887749 887751
Blocks:
  Show dependency tree
 
Reported: 2022-12-21 01:26 UTC by John Helmert III
Modified: 2024-05-04 07:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-21 01:26:25 UTC
Widely available report not available yet, but patches are available:

Seemingly unreleased: https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
In 252.4: https://github.com/systemd/systemd-stable/commit/9b75a3d0502d6741c8ecb7175794345f8eb3827c
And 251.10: https://github.com/systemd/systemd-stable/commit/efca5283dc791a07171f80eef84e14fdb58fad57

Please bump to 251.10/252.4.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-21 01:27:24 UTC
commit 72d241ec3d0f47cc09e35133bfb929dc89f30f52
Author: Sam James <sam@gentoo.org>
Date:   Wed Dec 21 01:24:36 2022 +0000

    sys-apps/systemd-utils: add 251.10

    Signed-off-by: Sam James <sam@gentoo.org>

commit 4efb0fbea070bd5817c0c5616b03b14a3d1210bb
Author: Sam James <sam@gentoo.org>
Date:   Wed Dec 21 01:19:04 2022 +0000

    sys-apps/systemd: add 252.4

    Signed-off-by: Sam James <sam@gentoo.org>

commit 33207626485b38fc9cc7ed20b44a0527b99a6c8c
Author: Sam James <sam@gentoo.org>
Date:   Wed Dec 21 01:22:56 2022 +0000

    sys-apps/systemd: add 251.10

    Signed-off-by: Sam James <sam@gentoo.org>
Comment 2 Larry the Git Cow gentoo-dev 2023-01-13 20:06:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=004f7f8ca01d10d12b3b4e5f018d262684e42f87

commit 004f7f8ca01d10d12b3b4e5f018d262684e42f87
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-01-13 20:05:47 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-01-13 20:06:54 +0000

    sys-apps/systemd-utils: drop 251.8-r1
    
    Bug: https://bugs.gentoo.org/887581
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd-utils/Manifest                    |   1 -
 .../files/251-revert-fortify-source-3-fix.patch    |  40 --
 .../systemd-utils/systemd-utils-251.8-r1.ebuild    | 524 ---------------------
 3 files changed, 565 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf79b1f243e9ec141a2c4a90d2214f13904f34eb

commit bf79b1f243e9ec141a2c4a90d2214f13904f34eb
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-01-13 20:03:14 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-01-13 20:06:53 +0000

    sys-apps/systemd: drop 251.8, 251.10
    
    Bug: https://bugs.gentoo.org/887581
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest                          |   2 -
 .../systemd/files/251-gpt-auto-no-cryptsetup.patch |  28 --
 sys-apps/systemd/systemd-251.10.ebuild             | 521 ---------------------
 sys-apps/systemd/systemd-251.8.ebuild              | 521 ---------------------
 4 files changed, 1072 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-05-04 07:19:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=086164d117a043966946611e66f4322204a92260

commit 086164d117a043966946611e66f4322204a92260
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 07:18:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 07:19:05 +0000

    [ GLSA 202405-04 ] systemd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/882769
    Bug: https://bugs.gentoo.org/887581
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-04.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)