[Secure-testing-team] Bug#725357: systemd: Multiple security issues
Moritz Muehlenhoff
jmm at inutil.org
Fri Oct 4 13:41:54 UTC 2013

Package: systemd
Severity: grave
Tags: security

Four security issues have been discovered in systemd by Florian Weimer:

CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
https://bugzilla.redhat.com/show_bug.cgi?id=862324
http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680

CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
https://bugzilla.redhat.com/show_bug.cgi?id=859104
http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd

CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
https://bugzilla.redhat.com/show_bug.cgi?id=859060
No upstream fix is available, but we don't support /etc/tmpfiles.d anyway

CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
https://bugzilla.redhat.com/show_bug.cgi?id=859051
http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

Cheers,
Moritz