Bugzilla – Bug 843507
VUL-0: CVE-2013-4391 CVE-2013-4392 CVE-2013-4393 CVE-2013-4394: systemd: 4 security issues
Last modified: 2015-02-18 21:42:41 UTC
public via oss-sec (CVEs not yet assigned. If I should split this bug, please tell.)

Hi All,

I would like to request CVE ids for 4 systemd issues.

1. systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages
   https://bugzilla.redhat.com/show_bug.cgi?id=859051
2. systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
   https://bugzilla.redhat.com/show_bug.cgi?id=859060
3. systemd: Possibility of denial of logging service by processing native messages from file
   https://bugzilla.redhat.com/show_bug.cgi?id=859104
4. systemd: Improper sanitization of invalid XKB layouts descriptions (privilege escalation when custom PolicyKit local authority file used)
   https://bugzilla.redhat.com/show_bug.cgi?id=862324

Thanks!

References:
https://bugzilla.redhat.com/show_bug.cgi?id=859051
https://bugzilla.redhat.com/show_bug.cgi?id=859104
https://bugzilla.redhat.com/show_bug.cgi?id=859060
https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://comments.gmane.org/gmane.comp.security.oss.general/11201
> 1. systemd: Integer overflow, leading to heap-based buffer overflow
> by processing native messages
> https://bugzilla.redhat.com/show_bug.cgi?id=859051

Please use CVE-2013-4391 for this issue.

> 2. systemd: TOCTOU race condition when updating file permissions
> and SELinux security contexts
> https://bugzilla.redhat.com/show_bug.cgi?id=859060

Please use CVE-2013-4392 for this issue.

> 3. systemd: Possibility of denial of logging service by processing
> native messages from file
> https://bugzilla.redhat.com/show_bug.cgi?id=859104

Please use CVE-2013-4393 for this issue.

> 4. systemd: Improper sanitization of invalid XKB layouts
> descriptions (privilege escalation when custom PolicyKit local
> authority file used)
> https://bugzilla.redhat.com/show_bug.cgi?id=862324

Please use CVE-2013-4394 for this issue.
bugbot adjusting priority
for Factory, was fixed with systemd v207 (already in): CVE-2013-4391
the three others have no patches attached in RH bugzilla (and I didn't find anything in upstream git).
ping?
ping???
A CVE-2013-4394 fix is in the RH bugzilla meanwhile. The others still seem to be private to RH.
CVE-2013-4394: http://cgit.freedesktop.org/systemd/systemd/commit/?id=8d789b905dba8aebd30238520b6ad52fb866af95
CVE-2013-4394: this patch is old (2012-10-03), it only applies to systemd before version v195, so openSUSE 12.2 or before. openSUSE 12.3 and 13.1 are safe. I should be able to backport this patch but I'd prefer to do all of this backporting (i.e. the other CVEs) at the same time ;)
The question arises: Why are those reports not reported and discussed on the official Linux security mailing list? Simply to help all vendors and not only RedHat to fix them at the same time.
CVE-2013-4393 looks to have these commits:
http://cgit.freedesktop.org/systemd/systemd/log/src/journal/journald-native.c
http://cgit.freedesktop.org/systemd/systemd/commit/src/journal/journald-native.c?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
(+ stddef.h one http://cgit.freedesktop.org/systemd/systemd/commit/src/journal/journald-native.c?id=4871690d9e32608bbd9b18505b5326c2079c9690 )
to answer #c10 ... no one really cared, and it seems except for one likely fixed already
ping, was it already fixed? I don't see this bnc or the CVEs being mentioned in the systemd.changes, on SLE-12 codestream
(In reply to Victor Pereira from comment #13) AFAICS and AFAICR those are fixed with systemd-210 and this is the version for SLES-12
yes, thank you!