Bug 4998

Summary: systemd new security issue CVE-2012-1174
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: systemd-43-5.mga2.src.rpm CVE:
Status comment:

Description David Walser 2012-03-17 17:59:43 CET 
Mandriva issued this advisory yesterday (March 16):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:030

The patch, which applies to our systemd version, is here:
http://svn.mandriva.com/svn/packages/updates/2011/systemd/current/SOURCES/systemd-29-CVE-2012-1174.diff
David Walser 2012-03-17 18:00:06 CET

CC: (none) => mageia

Comment 1 David Walser 2012-03-18 18:07:49 CET 
Just in case you noticed that this patch has been reverted in MDV 2011, Oden said the reason was that the patch was supposed to be for systemd 30 and newer, and they had systemd 29 in 2011.  It should still be applicable to our version.

http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVA-2012:030
https://qa.mandriva.com/65398
Comment 2 David Walser 2012-03-21 23:39:17 CET 
This patch still applies in systemd 44.  Is this is legitimate issue?
Comment 3 Colin Guthrie 2012-03-22 00:07:50 CET 
It is a legitimate issue (although very unlikely and tricky to exploit). However, the patch is applied in our package anyway, so closing :)

Status: NEW => RESOLVED
Resolution: (none) => FIXED