Description of problem:
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

Version-Release number of selected component (if applicable):
systemd-236-7.mga7

How reproducible:
Currently (2018-11-03) there are no working exploits, but it remains a security issue
Could you please provide a reference URL for this?
systemd-230-12.4.mga6 building with https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892
CC: (none) => tmb
(In reply to Thomas Backlund from comment #2)
> systemd-230-12.4.mga6 building with
>
> https://github.com/systemd/systemd/commit/4dac5eaba4e419b29c97da38a8b1f82336c2c892

Thanks, Thomas. Cauldron still needs the patch, right?

And does this bug report need to be cloned for NetworkManager?
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=01ca2053bbea09f35b958c8cc7631e15469acb79
Whiteboard: (none) => MGA6TOO
Assignee: bugsquad => basesystem
CC: (none) => marja11
Cauldron patched, but failed to build for some meson issues. I assume they will work when we update to 239 or newer so the fix is queued for now there...

networkmanager patched in cauldron and mga6, and since the fix is in the same code for both I think we can track them in one bugreport...

So, packages to test:

SRPMS:
networkmanager-1.8.6-1.1.mga6.src.rpm
systemd-230-12.4.mga6.src.rpm

i586:
libnetworkmanager-gir1.0-1.8.6-1.1.mga6.i586.rpm
libnm0-1.8.6-1.1.mga6.i586.rpm
libnmclient-gir1.0-1.8.6-1.1.mga6.i586.rpm
libnm-devel-1.8.6-1.1.mga6.i586.rpm
libnm-gir1.0-1.8.6-1.1.mga6.i586.rpm
libnm-glib4-1.8.6-1.1.mga6.i586.rpm
libnm-glib-devel-1.8.6-1.1.mga6.i586.rpm
libnm-glib-vpn1-1.8.6-1.1.mga6.i586.rpm
libnm-glib-vpn-devel-1.8.6-1.1.mga6.i586.rpm
libnm-util2-1.8.6-1.1.mga6.i586.rpm
libnm-util-devel-1.8.6-1.1.mga6.i586.rpm
networkmanager-1.8.6-1.1.mga6.i586.rpm
networkmanager-adsl-1.8.6-1.1.mga6.i586.rpm
networkmanager-bluetooth-1.8.6-1.1.mga6.i586.rpm
networkmanager-ppp-1.8.6-1.1.mga6.i586.rpm
networkmanager-team-1.8.6-1.1.mga6.i586.rpm
networkmanager-tui-1.8.6-1.1.mga6.i586.rpm
networkmanager-wifi-1.8.6-1.1.mga6.i586.rpm
networkmanager-wwan-1.8.6-1.1.mga6.i586.rpm
libsystemd0-230-12.4.mga6.i586.rpm
libudev1-230-12.4.mga6.i586.rpm
libudev-devel-230-12.4.mga6.i586.rpm
nss-myhostname-230-12.4.mga6.i586.rpm
systemd-230-12.4.mga6.i586.rpm
systemd-devel-230-12.4.mga6.i586.rpm
systemd-units-230-12.4.mga6.i586.rpm

x86_64:
lib64networkmanager-gir1.0-1.8.6-1.1.mga6.x86_64.rpm
lib64nm0-1.8.6-1.1.mga6.x86_64.rpm
lib64nmclient-gir1.0-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-devel-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-gir1.0-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-glib4-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-glib-devel-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-glib-vpn1-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-glib-vpn-devel-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-util2-1.8.6-1.1.mga6.x86_64.rpm
lib64nm-util-devel-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-adsl-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-bluetooth-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-ppp-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-team-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-tui-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-wifi-1.8.6-1.1.mga6.x86_64.rpm
networkmanager-wwan-1.8.6-1.1.mga6.x86_64.rpm
lib64systemd0-230-12.4.mga6.x86_64.rpm
lib64udev1-230-12.4.mga6.x86_64.rpm
lib64udev-devel-230-12.4.mga6.x86_64.rpm
nss-myhostname-230-12.4.mga6.x86_64.rpm
systemd-230-12.4.mga6.x86_64.rpm
systemd-devel-230-12.4.mga6.x86_64.rpm
systemd-units-230-12.4.mga6.x86_64.rpm
Assignee: basesystem => qa-bugs
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Ubuntu has issued an advisory for this on November 5: https://usn.ubuntu.com/3806-1/
and for NetworkManager: https://usn.ubuntu.com/3807-1/
SUSE has issued an advisory on November 7: http://lists.suse.com/pipermail/sle-security-updates/2018-November/004834.html It also fixed CVE-2018-15686.
Keywords: (none) => feedback
Fedora has issued an advisory on November 1: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZIW3U6K2IVST5QJRIY2JLSR32C732ZZR/ It also fixed CVE-2018-15687.
CC: (none) => qa-bugs
Whiteboard: (none) => MGA6TOO
Summary: systemd new security issue CVE-2018-15688 => systemd new security issues CVE-2018-1568[6-8]
Assignee: qa-bugs => tmb
Version: 6 => Cauldron
Keywords: feedback => (none)
Fedora advisory for CVE-2018-15688 in NetworkManager: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6D5EHDWAX7OYO4OCUN45WYDWUF3HTDVG/
Ubuntu has issued an advisory on November 12: https://usn.ubuntu.com/3816-1/ It fixes two of these issues and CVE-2018-6954.
CC: (none) => luigiwalser
Summary: systemd new security issues CVE-2018-1568[6-8] => systemd new security issues CVE-2018-6954 and CVE-2018-1568[6-8]
Ubuntu has issued an updated advisory on November 19: https://usn.ubuntu.com/3816-2/ It has additional fixes for CVE-2018-6954.
(In reply to David Walser from comment #11)
> Ubuntu has issued an updated advisory on November 19:
> https://usn.ubuntu.com/3816-2/
>
> It has additional fixes for CVE-2018-6954.

More details on this issue:
https://www.openwall.com/lists/oss-security/2018/12/22/1
Blocks: (none) => 22692
Three more security issues (in systemd-journald) have been announced: https://www.openwall.com/lists/oss-security/2019/01/09/3
Summary: systemd new security issues CVE-2018-6954 and CVE-2018-1568[6-8] => systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6]
Jep. I think Neal was/is working on upgrading Cauldron to v240 (or v241 if it will be a fast release for the security issues) so I'll leave that for now.... I will look at fixing up Mga6 tomorrow...
CC: (none) => ngompa13
Debian has issued an advisory for the new issues on January 13: https://www.debian.org/security/2019/dsa-4367
Ubuntu has issued an advisory for the new issues on January 11: https://usn.ubuntu.com/3855-1/
openSUSE has issued advisories for this on January 29: https://lists.opensuse.org/opensuse-updates/2019-01/msg00093.html https://lists.opensuse.org/opensuse-updates/2019-01/msg00096.html
*** Bug 24323 has been marked as a duplicate of this bug. ***
CC: (none) => jeffrobinsSAE
CC: (none) => basesystem
Fedora has issued an advisory today (February 11): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N5OLTVMFMAQMZPEOF5UNGZ7XJ2XTQSOM/ It fixes rhbz#1665931, an issue with excessive memory usage for journald.
There is now systemd v241 in Cauldron testing. CVE-2018-15687 does not affect mga6 as that code landed in v234. CVE-2018-15688 and CVE-2018-15686 fixed in svn. I'll try to get the rest done this week if I have time for it
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
A security issue in systemd has been announced today (February 18): https://www.openwall.com/lists/oss-security/2019/02/18/3 Patches to fix the issue are attached to the message above.
Whiteboard: (none) => MGA6TOO
Summary: systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6] => systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6], CVE-2019-6454
Version: 6 => Cauldron
(In reply to David Walser from comment #21)
> A security issue in systemd has been announced today (February 18):
> https://www.openwall.com/lists/oss-security/2019/02/18/3
>
> Patches to fix the issue are attached to the message above.

Debian and Ubuntu have issued advisories for this today (February 18):
https://www.debian.org/security/2019/dsa-4393
https://usn.ubuntu.com/3891-1/
(In reply to David Walser from comment #21)
> A security issue in systemd has been announced today (February 18):
> https://www.openwall.com/lists/oss-security/2019/02/18/3
>
> Patches to fix the issue are attached to the message above.

RedHat has issued an advisory for this today (February 19):
https://access.redhat.com/errata/RHSA-2019:0368
Fixed in Cauldron in systemd-241-1.mga7 by Thomas.
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Fedora has issued an advisory today (April 1): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XFDD5K5TGQJDKFEFK2NCGEFEQFSCSBOG/ I'm not sure what the security issue is. Maybe the memory leak?
Debian has issued an advisory on April 8: https://www.debian.org/security/2019/dsa-4428 It fixes one new issue (CVE-2019-3842), fixed upstream in 242.
Version: 6 => Cauldron
Whiteboard: (none) => MGA6TOO
Summary: systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6], CVE-2019-6454 => systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6], CVE-2019-3842, CVE-2019-6454
(In reply to David Walser from comment #26)
> Debian has issued an advisory on April 8:
> https://www.debian.org/security/2019/dsa-4428
>
> It fixes one new issue (CVE-2019-3842), fixed upstream in 242.

Ubuntu has issued an advisory for this on April 8:
https://usn.ubuntu.com/3938-1/
Exploit info for CVE-2018-1686[56]: https://www.openwall.com/lists/oss-security/2019/05/10/4
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
All security issues are fixed in systemd-241-8.mga7 that is on Mga7 release isos and /release tree
Version: Cauldron => 6
Whiteboard: MGA7TOO, MGA6TOO => (none)
RedHat has issued an advisory on August 6: https://access.redhat.com/errata/RHSA-2019:2091 It has one new CVE (fixed upstream in 237): CVE-2018-16888
Summary: systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6], CVE-2019-3842, CVE-2019-6454 => systemd new security issues CVE-2018-6954, CVE-2018-1568[6-8], CVE-2018-1686[4-6], CVE-2018-16888, CVE-2019-3842, CVE-2019-6454
Depends on: (none) => 25404
Mageia 6 is EOL.
Resolution: (none) => OLD
Status: NEW => RESOLVED
CC: (none) => mrambo