[OE-core] [PATCH 1/3] systemd: Security fix CVE-2018-16864
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Jan 24 22:33:33 UTC 2019
On Thu, 2019-01-24 at 15:55 +0000, Burton, Ross wrote:
> On Thu, 24 Jan 2019 at 12:44, Marcus Cooper <marcus.cooper at axis.com>
> wrote:
> > +++ b/meta/recipes-core/systemd/systemd/0024-journald-do-not-store-
> > the-iovec-entry-for-process-co.patch
> > @@ -0,0 +1,204 @@
> > +From fe19f5a9d0d8b9977e9507a9b66c3cc66744cd38 Mon Sep 17 00:00:00
> > 2001
> > +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <
> > zbyszek at in.waw.pl>
> > +Date: Wed, 5 Dec 2018 18:38:39 +0100
> > +Subject: [PATCH] journald: do not store the iovec entry for
> > process
> > + commandline on stack
> > +
> > +This fixes a crash where we would read the commandline, whose
> > length is under
> > +control of the sending program, and then crash when trying to
> > create a stack
> > +allocation for it.
> > +
> > +CVE-2018-16864
> > +https://bugzilla.redhat.com/show_bug.cgi?id=1653855
> > +
> > +The message actually doesn't get written to disk, because
> > +journal_file_append_entry() returns -E2BIG.
> > +
> > +Patch backported from systemd master at
> > +084eeb865ca63887098e0945fb4e93c852b91b0f.
>
> These patches need a CVE tag (CVE: CVE-2018-16864), and
> Upstream-Status tag (Backport), and your Signed-off-by.
This managed to sneak past me, can you send a follow up patch to fix
this please?
Cheers,
Richard
More information about the Openembedded-core
mailing list