systemd: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 #1577

Closed
l2dy opened this issue Jan 11, 2019 · 4 comments

@l2dy
Contributor

commented Jan 11, 2019

CVE IDs: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866

Other security advisory IDs: USN-3855-1, DSA-4367-1

Descriptions:
It was discovered that systemd-journald allocated variable-length buffers
for certain message fields on the stack. A local attacker could
potentially exploit this to cause a denial of service, or execute
arbitrary code. (CVE-2018-16864)

It was discovered that systemd-journald allocated variable-length arrays
of objects representing message fields on the stack. A local attacker
could potentially exploit this to cause a denial of service, or execute
arbitrary code. (CVE-2018-16865)

An out-of-bounds read was discovered in systemd-journald. A local
attacker could potentially exploit this to obtain sensitive information
and bypass ASLR protections. (CVE-2018-16866)

Patches: from Ubuntu

PoC(s): https://www.openwall.com/lists/oss-security/2019/01/09/3

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
  • PowerPC 32-bit BE powerpc

@MingcongBai MingcongBai changed the title systemd: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 systemd: CVE-2018-15686, CVE-2018-15687, CVE-2018-15688, CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 Jan 15, 2019

@MingcongBai

Member

commented Jan 15, 2019

Added 3 more CVEs, as provided with systemd 239-7ubuntu10.6.

@MingcongBai

Member

commented Jan 16, 2019

Apologies, those additional three were fixed before.

@MingcongBai MingcongBai changed the title systemd: CVE-2018-15686, CVE-2018-15687, CVE-2018-15688, CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 systemd: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866 Jan 16, 2019

MingcongBai added a commit that referenced this issue Jan 16, 2019

@MingcongBai

Member

commented Jan 25, 2019

Fixed with c014b76. Closing.

@MingcongBai MingcongBai removed the upgrade label Jan 25, 2019

@l2dy

Contributor Author

commented Jan 25, 2019

Use AOSA-2019-0017.
