Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 669664 (CVE-2018-15686, CVE-2018-15687) - <sys-apps/systemd-239-r2: multiple vulnerabilities (CVE-2018-{15686,15687})
Summary: <sys-apps/systemd-239-r2: multiple vulnerabilities (CVE-2018-{15686,15687})
Status: RESOLVED FIXED
Alias: CVE-2018-15686, CVE-2018-15687
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A1 [glsa+ cve]
Keywords:
Depends on:
Blocks: 669716
  Show dependency tree
 
Reported: 2018-10-26 10:34 UTC by D'juan McDonald (domhnall)
Modified: 2018-10-30 21:10 UTC (History)
2 users (show)

See Also:
Package list:
sys-apps/systemd-239-r2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2018-10-26 10:34:36 UTC
CVE-2018-15687 (https://bugs.chromium.org/p/project-zero/issues/detail?id=1689):
A security issue has been found in systemd up to and including 239, where a race condition in the chown_one() function can be used to escalate privileges via a crafted symlink.

Pull Request for CVE-2018-15687: https://github.com/systemd/systemd/pull/10517

CVE-2018-15686 (https://bugs.chromium.org/p/project-zero/issues/detail?id=1687):
A security issue has been found in systemd up to and including 239, where the use of fgets() allows an attacker to escalate privilege via a crafted service with NotifyAccess.




@maintainer(s): upstream has de-restricted these issues. Fixes likely target for 240 release. 


Gentoo Security Padawan
(domhnall)
Comment 1 Larry the Git Cow gentoo-dev 2018-10-28 23:21:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9189edf61c8e135c0cd28be3534d7624cafff239

commit 9189edf61c8e135c0cd28be3534d7624cafff239
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-10-28 22:53:46 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-10-28 23:21:05 +0000

    sys-apps/systemd: backport several patches for 239
    
    Closes: https://bugs.gentoo.org/662776
    Bug: https://bugs.gentoo.org/669664
    Bug: https://bugs.gentoo.org/669716
    Package-Manager: Portage-2.3.51_p2, Repoman-2.3.11_p27
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest              |   1 +
 sys-apps/systemd/systemd-239-r2.ebuild | 448 +++++++++++++++++++++++++++++++++
 2 files changed, 449 insertions(+)
Comment 2 Mike Gilbert gentoo-dev 2018-10-28 23:25:15 UTC
Let's stabilize sys-apps/systemd-239-r2.
Comment 3 Agostino Sarubbo gentoo-dev 2018-10-29 10:34:00 UTC
amd64 stable
Comment 4 Mart Raudsepp gentoo-dev 2018-10-29 11:49:41 UTC
arm64 stable
Comment 5 Sergei Trofimovich gentoo-dev 2018-10-29 23:42:39 UTC
ia64 stable
Comment 6 Larry the Git Cow gentoo-dev 2018-10-30 14:34:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e815d3e67234fd9672992bfb3bcfea2588164d4c

commit e815d3e67234fd9672992bfb3bcfea2588164d4c
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-10-30 14:32:29 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-10-30 14:33:29 +0000

    sys-apps/systemd: remove old
    
    Bug: https://bugs.gentoo.org/669664
    Package-Manager: Portage-2.3.51_p2, Repoman-2.3.11_p27
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest                          |   5 -
 sys-apps/systemd/files/238-initctl.patch           |  46 ---
 sys-apps/systemd/files/238-libmount-include.patch  |  72 ----
 sys-apps/systemd/files/238-nspawn-wait.patch       |  83 ----
 sys-apps/systemd/files/238-sparc-raw-clone.patch   |  42 --
 .../systemd/files/238-timesync-connection.patch    |  49 ---
 sys-apps/systemd/systemd-236-r5.ebuild             | 437 --------------------
 sys-apps/systemd/systemd-238-r7.ebuild             | 440 --------------------
 sys-apps/systemd/systemd-239-r1.ebuild             | 448 ---------------------
 sys-apps/systemd/systemd-239.ebuild                | 446 --------------------
 10 files changed, 2068 deletions(-)
Comment 7 Thomas Deutschmann gentoo-dev Security 2018-10-30 15:29:40 UTC
New GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:10:38 UTC
This issue was resolved and addressed in
 GLSA 201810-10 at https://security.gentoo.org/glsa/201810-10
by GLSA coordinator Thomas Deutschmann (whissi).