A security issue fixed upstream in systemd has been announced on January 19: http://openwall.com/lists/oss-security/2018/01/19/8 The upstream commit that fixed it is linked in the message above. The fix was included in 234, so Cauldron is not affected. Mageia 5 is probably also affected.
Mageia 5 may be affected, but the code is a bit different, so I'll leave that for now. Advisory: ======================== Updated systemd packages fix security vulnerability: In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, until mount points are unmounted (CVE-2018-1049). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1049 http://openwall.com/lists/oss-security/2018/01/19/8 ======================== Updated packages in core/updates_testing: ======================== systemd-230-12.3.mga6 systemd-units-230-12.3.mga6 systemd-devel-230-12.3.mga6 nss-myhostname-230-12.3.mga6 libsystemd0-230-12.3.mga6 libudev1-230-12.3.mga6 libudev-devel-230-12.3.mga6 from systemd-230-12.3.mga6.src.rpm
Assignee: bugsquad => qa-bugs
Keywords: (none) => advisory
MGA6-32 on Dell Latitude D600 Mate No installation issues After reboot exercised usual set of functions (text images, etc...) in the period of some hours, no problems encountered. OK for me.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Mga6 -64 Plasma on real hardware with an Intel Core2Duo, 8GB RAM, Intel graphics. Installed this update, ran the usual apps. In an uninformed attempt to test the issue, I plugged a flash drive and an external hard drive into usb ports while Dolphin was running. Each was detected and shown in the Places window, and automounted when I clicked on it. Each also unmounted when I chose "safely remove..." Nothing locked up, but then I've done this before, many times, and never saw a lockup, so perhaps this isn't a proper test. Anyway, I'm not seeing any problems.
CC: (none) => andrewsfarm
Mga6-64 on real hardware, Athlon X2 7750, 8GB, nvidia340 graphics, Atheros wifi. Seems to check out on this hardware, as well. Giving it a 64-bit OK.
Whiteboard: MGA6-32-OK => MGA6-64-OK MGA6-32-OK
Same hardware as Comment 4, this time with a 32-bit Xfce system, server kernel. Looks OK.
M6/64 Used the system with this update without noticing any grief. Second the previous M6/64 OK. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0094.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
RedHat has issued an advisory for this today (January 31): https://access.redhat.com/errata/RHSA-2018:0260 Their patch for systemd 219: https://git.centos.org/raw/rpms/systemd.git/99d80ac905364a56e7e1d3aba7071ce0da365c4a/SOURCES!0507-automount-ack-automount-requests-even-when-already-m.patch Still doesn't cleanly apply to our 217 in Mageia 5.