Ubuntu has issued an advisory for this on September 29:
http://www.ubuntu.com/usn/usn-3094-1/

That should include a fix for CVE-2016-7795.

URL: (none) => http://lwn.net/Vulnerabilities/702225/

Updated in cauldron with upstream cherry picks (four patches, but only three strictly needed).

I've also written a backported patch for MGA5. I think it's right, but I've not tested it so this should certainly be done with care before pushing to updates!

LWN reference for CVE-2016-7796:
http://lwn.net/Vulnerabilities/703125/

Colin, what is the status of this?

I've been using systemd-217-11.2.mga5 since it was built Mon 03 Oct.

Is this ready to assign to qa? Advisory needed too.

CC: (none) => davidwhodgins

Advisory:
================

Updated systemd packages fix security vulnerability:

Andrew Ayer discovered that Systemd improperly handled zero-length notification
messages. A local unprivileged attacker could use this to cause a denial of
service (init crash leading to system unavailability) (CVE-2016-7795).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7795
http://www.ubuntu.com/usn/usn-3094-1/
================

Updated packages in core/updates_testing:
================
libgudev-gir1.0-217-11.2.mga5
libgudev1.0-devel-217-11.2.mga5
libgudev1.0_0-217-11.2.mga5
libsystemd0-217-11.2.mga5
libudev-devel-217-11.2.mga5
libudev1-217-11.2.mga5
nss-myhostname-217-11.2.mga5
python-systemd-217-11.2.mga5
systemd-217-11.2.mga5
systemd-devel-217-11.2.mga5
systemd-units-217-11.2.mga5

from systemd-217-11.2.mga5.src.rpm

Version: Cauldron => 5

On mga5-64

Updates installed:

- lib64gudev1.0_0-217-11.2.mga5.x86_64
- lib64systemd0-217-11.2.mga5.x86_64
- lib64udev1-217-11.2.mga5.x86_64
- nss-myhostname-217-11.2.mga5.x86_64
- systemd-217-11.2.mga5.x86_64
- systemd-units-217-11.2.mga5.x86_64

Packages installed cleanly
After normal running for 6 hours, no regressions noted

$ NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
Failed to notify init system: Connection refused

Which, IIUC, means that the vulnerability has been fixed.

OK for mga5-64

Do we need more testing before marking this as OK for mga5-64?

CC: (none) => jim

I know that I and at least a few others have been running this for weeks with no issue (in my case on both architectures).  As long as the PoC no longer works, this can be validated.

On mga5-32

Updates installed:

- libgudev1.0_0-217-11.2.mga5.i586
- libsystemd0-217-11.2.mga5.i586
- libudev1-217-11.2.mga5.i586
- nss-myhostname-217-11.2.mga5.i586
- systemd-217-11.2.mga5.i586
- systemd-units-217-11.2.mga5.i586

Packages installed cleanly
No regressions noted.

$ NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
$ 

The lack of a response I take to mean that the vulnerability has been fixed.
Before the update that command caused the system to become unresponsive.

OK for mga5-32

This update is now validated.
The advisory needs to be uploaded to SVN
The packages can then be pushed to updates.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

x86_64 real hardware.
I was just about to ask if it was safe to run.  A reboot I guess?
Here goes.

CC: (none) => tarazed25

$ NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
NOTIFY_SOCKET=/run/systemd/notify: Command not found.
$ sudo /run/systemd/notify systemd-notify ""
sudo: /run/systemd/notify: command not found
$ sudo NOTIFY-SOCKET=/run/systemd/notify systemd-notify ""

However, I have just checked the versions and find that the updates are in place.  No memory of having done that.

So it is also good for 64-bits.

Just noticed that James had already OKd it.

Advisory uploaded as per Comment 6.

CC: (none) => lewyssmith
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0380.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED