[Secure-testing-team] Bug#725357: systemd: Multiple security issues

Moritz Muehlenhoff jmm at inutil.org
Fri Oct 4 13:41:54 UTC 2013


Package: systemd
Severity: grave
Tags: security

Four security issues have been discovered in systemd by Florian Weimer:

CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680

CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
https://bugzilla.redhat.com/show_bug.cgi?id=859104
http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd

CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
https://bugzilla.redhat.com/show_bug.cgi?id=859060
No upstream fix is available, but we don't support /etc/tmpfiles.d anyway

CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
https://bugzilla.redhat.com/show_bug.cgi?id=859051
http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

Cheers,
        Moritz


