4998 – systemd new security issue CVE-2012-1174

Bug 4998 - systemd new security issue CVE-2012-1174

Summary: systemd new security issue CVE-2012-1174

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-03-17 17:59 CET by David Walser
Modified:	2012-03-22 00:07 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	systemd-43-5.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-03-17 17:59:43 CET

Mandriva issued this advisory yesterday (March 16):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:030

The patch, which applies to our systemd version, is here:
http://svn.mandriva.com/svn/packages/updates/2011/systemd/current/SOURCES/systemd-29-CVE-2012-1174.diff

David Walser 2012-03-17 18:00:06 CET

CC: (none) => mageia

Comment 1 David Walser 2012-03-18 18:07:49 CET

Just in case you noticed that this patch has been reverted in MDV 2011, Oden said the reason was that the patch was supposed to be for systemd 30 and newer, and they had systemd 29 in 2011.  It should still be applicable to our version.

http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVA-2012:030
https://qa.mandriva.com/65398

Comment 2 David Walser 2012-03-21 23:39:17 CET

This patch still applies in systemd 44.  Is this is legitimate issue?

Comment 3 Colin Guthrie 2012-03-22 00:07:50 CET

It is a legitimate issue (although very unlikely and tricky to exploit). However, the patch is applied in our package anyway, so closing :)

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.