[OE-core] [PATCH v2 0/3] systemd: Fixes Security fix CVE-2018-16864 - CVE-2018-16866
Khem Raj
raj.khem at gmail.com
Mon Jan 28 16:58:26 UTC 2019
On Mon, Jan 28, 2019 at 3:20 AM Alexander Kanavin
<alex.kanavin at gmail.com> wrote:
>
> Maybe it's better to update systemd to latest upstream release?
>
Indeed but I would suggest to go to 241 which is in RC stage within
week of 240 release
> Alex
>
> On Mon, 28 Jan 2019 at 12:17, Marcus Cooper <marcus.cooper at axis.com> wrote:
> >
> > Changed in v2:
> > - Added CVE tag, Upstream-Status tag and Sign-off-by tags.
> > - removed the verification of the entry length in the header
> > - squashed CVE-2018-16865 patches into one
> > - CVE-2018-16866 patch now taken from systemd-stable and includes
> > an additional heap buffer overflow fix.
> >
> > Marcus Cooper (3):
> > systemd: Security fix CVE-2018-16864
> > systemd: Security fix CVE-2018-16865
> > systemd: Security fix CVE-2018-16866
> >
> > ...-not-store-the-iovec-entry-for-process-co.patch | 208 +++++++++++++++++++++
> > ...rnald-set-a-limit-on-the-number-of-fields.patch | 139 ++++++++++++++
> > ...nal-fix-out-of-bounds-read-CVE-2018-16866.patch | 49 +++++
> > meta/recipes-core/systemd/systemd_239.bb | 3 +
> > 4 files changed, 399 insertions(+)
> > create mode 100644 meta/recipes-core/systemd/systemd/0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
> > create mode 100644 meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch
> > create mode 100644 meta/recipes-core/systemd/systemd/0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
> >
> > --
> > 2.11.0
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
More information about the Openembedded-core
mailing list