Qualys has issued an advisory today (July 20): https://www.openwall.com/lists/oss-security/2021/07/20/2 Presumably the patches are available somewhere today (possibly a systemd mailing list).
Fixed in cauldron in v249.1 and for mga8: systemd-246.14-2.mga8 is currently building
this is an update to v246.14 (from v246.13) to fix some bugs and I backpoorted the fix for the CVE. SRPM: systemd-246.14-2.mga8.src.rpm i586: libsystemd0-246.14-2.mga8.i586.rpm libudev1-246.14-2.mga8.i586.rpm libudev-devel-246.14-2.mga8.i586.rpm nss-myhostname-246.14-2.mga8.i586.rpm systemd-246.14-2.mga8.i586.rpm systemd-devel-246.14-2.mga8.i586.rpm systemd-homed-246.14-2.mga8.i586.rpm systemd-tests-246.14-2.mga8.i586.rpm x86_64: lib64systemd0-246.14-2.mga8.x86_64.rpm lib64udev1-246.14-2.mga8.x86_64.rpm lib64udev-devel-246.14-2.mga8.x86_64.rpm nss-myhostname-246.14-2.mga8.x86_64.rpm systemd-246.14-2.mga8.x86_64.rpm systemd-devel-246.14-2.mga8.x86_64.rpm systemd-homed-246.14-2.mga8.x86_64.rpm systemd-tests-246.14-2.mga8.x86_64.rpm
Assignee: tmb => qa-bugs
Suggested Advisory: ======================== Updated systemd packages fix security vulnerability: basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash (CVE-2021-29270). systemd packages are updated from 246.13 to 246.14 upstream stable version with a backported fix for the CVE. References: - https://bugs.mageia.org/show_bug.cgi?id=29270 - https://www.openwall.com/lists/oss-security/2021/07/20/2 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910 ======================== Updated packages in core/updates_testing: ======================== lib(64)systemd0-246.14-2.mga8 lib(64)udev1-246.14-2.mga8 lib(64)udev-devel-246.14-2.mga8 nss-myhostname-246.14-2.mga8 systemd-246.14-2.mga8 systemd-devel-246.14-2.mga8 systemd-homed-246.14-2.mga8 systemd-tests-246.14-2.mga8
CC: (none) => ouaurelien
Note also there is a 246.15 tag upstream https://github.com/systemd/systemd-stable/releases
No problems encountered on my systems or in vb guests. Validating the update.
CC: (none) => davidwhodgins, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK MGA8-32-OK
(In reply to Aurelien Oudelet from comment #4) > Note also there is a 246.15 tag upstream > https://github.com/systemd/systemd-stable/releases How nice, they rolled it out after I built this one... Normally I would have ignored that for now as this is a security update, but there is some other uaf and crash fixes and an other security fix hiding in there: CVE-2020-13529, so the rpms to validate are now: SRPM: systemd-246.15-1.mga8.src.rpm i586: libsystemd0-246.15-1.mga8.i586.rpm libudev1-246.15-1.mga8.i586.rpm libudev-devel-246.15-1.mga8.i586.rpm nss-myhostname-246.15-1.mga8.i586.rpm systemd-246.15-1.mga8.i586.rpm systemd-devel-246.15-1.mga8.i586.rpm systemd-homed-246.15-1.mga8.i586.rpm systemd-tests-246.15-1.mga8.i586.rpm x86_64: lib64systemd0-246.15-1.mga8.x86_64.rpm lib64udev1-246.15-1.mga8.x86_64.rpm lib64udev-devel-246.15-1.mga8.x86_64.rpm nss-myhostname-246.15-1.mga8.x86_64.rpm systemd-246.15-1.mga8.x86_64.rpm systemd-devel-246.15-1.mga8.x86_64.rpm systemd-homed-246.15-1.mga8.x86_64.rpm systemd-tests-246.15-1.mga8.x86_64.rpm
Keywords: validated_update => (none)CVE: (none) => CVE-2020-13529, CVE-2021-33910Whiteboard: MGA8-64-OK MGA8-32-OK => (none)Summary: systemd new security issue CVE-2021-33910 => systemd new security issues CVE-2021-33910 and CVE-2020-13529
Advisory, added to svn: type: security subject: Updated systemd packages fix security vulnerabilities CVE: - CVE-2020-13529 - CVE-2021-33910 src: 8: core: - systemd-246.15-1.mga8 description: | This systemd update provides the v246.15 maintenance release and fixes atleast the following security issues: An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server (CVE-2020-13529). basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash (CVE-2021-29270). references: - https://bugs.mageia.org/show_bug.cgi?id=29270 - https://github.com/systemd/systemd-stable/compare/v246.13...v246.15 - https://www.openwall.com/lists/oss-security/2021/07/20/2
Keywords: (none) => advisory
Phys hardware - AMD X3, Nvidia 390 The following 6 packages are going to be installed: - lib64cap-devel-2.46-1.mga8.x86_64 - lib64systemd0-246.15-1.mga8.x86_64 - libcap-utils-2.46-1.mga8.x86_64 - nss-myhostname-246.15-1.mga8.x86_64 - systemd-246.15-1.mga8.x86_64 - systemd-devel-246.15-1.mga8.x86_64 413KB of additional disk space will be used. rebooted # systemctl --version systemd 246 (246) +PAM +AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN -PCRE2 default-hierarchy=unified thank goodness it came back working
CC: (none) => brtians1
Ubuntu has issued an advisory for this on July 20: https://ubuntu.com/security/notices/USN-5013-1
Summary: systemd new security issues CVE-2021-33910 and CVE-2020-13529 => systemd new security issues CVE-2020-13529 and CVE-2021-33910Severity: normal => critical
x86_64 Tested OK, with both new kernels (details there) with also from testing: mesa, x11
CC: (none) => fri
Ok on all of my systems and vb guests. Validating
Whiteboard: (none) => MGA8-64-OK MGA8-32-OKKeywords: (none) => validated_update
x86_64 mga8 OK on all systems, baremetals and VM.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0365.html
Status: NEW => RESOLVEDResolution: (none) => FIXED