Bug 7517

Summary: systemd security vulnerability (CVE-2018-1049)
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: Andrey Bondrov <andrey.bondrov>
Status: VERIFIED FIXED
QA Contact: Private ROSA Bugs <private-bugs>
Severity: normal
Priority: Normal
CC: andrey.bondrov, eugene.shatokhin, m.novosyolov, v.potapov
Version: Fresh
Flags: v.potapov: qa_verified+, andrey.bondrov: published+
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://advisories.mageia.org/MGASA-2016-0380.html
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package: systemd
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2016-11-18 00:51:34 MSK
Andrew Ayer discovered that Systemd improperly handled zero-length
notification messages. A local unprivileged attacker could use this to
cause a denial of service (init crash leading to system unavailability)
(CVE-2016-7795).

Comment 1 Zombie Ryushu 2016-11-18 01:01:09 MSK
Mageia has a patch for this; it could likely be resolved by merging their patch.

Comment 2 Zombie Ryushu 2018-01-04 09:13:16 MSK
Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently
discovered that systemd-resolved incorrectly handled certain DNS responses.
A remote attacker could possibly use this issue to cause systemd to
temporarily stop responding, resulting in a denial of service
(CVE-2017-15908).

https://advisories.mageia.org/MGASA-2018-0057.html

Comment 3 Zombie Ryushu 2018-01-25 04:47:46 MSK
In systemd prior to 234 a race exists between .mount and .automount
units such that automount requests from kernel may not be serviced by
systemd resulting in kernel holding the mountpoint and any processes
that try to use said mount will hang. A race like this may lead to
denial of service, until mount points are unmounted (CVE-2018-1049).

https://advisories.mageia.org/MGASA-2018-0094.html

Comment 4 Andrey Bondrov 2018-01-25 12:42:10 MSK
(In reply to comment #0)
> Andrew Ayer discovered that Systemd improperly handled zero-length
> notification messages. A local unprivileged attacker could use this to
> cause a denial of service (init crash leading to system unavailability)
> (CVE-2016-7795).

We already had this one fixed in rosa2016.1.

Advisory: "Fix CVE-2017-15908 and CVE-2018-1049 in systemd"

https://abf.rosalinux.ru/build_lists/2918263
https://abf.rosalinux.ru/build_lists/2918264

Comment 5 Vladimir Potapov 2018-01-26 09:04:14 MSK
The update is sent to expanded testing
***************************************

Comment 6 Andrey Bondrov 2018-01-30 17:50:26 MSK
*** Bug 8717 has been marked as a duplicate of this bug. ***

Comment 7 Andrey Bondrov 2018-01-30 18:22:39 MSK
Advisory: "Fix CVE-2017-15908 and CVE-2018-1049 in systemd. Fix upstream bug https://github.com/systemd/systemd/issues/5607 (better kernel 4.10+ support)"

https://abf.rosalinux.ru/build_lists/2918772
https://abf.rosalinux.ru/build_lists/2918773

Comment 8 Vladimir Potapov 2018-02-01 07:57:46 MSK
The update is sent to expanded testing
**************************************

Comment 9 Vladimir Potapov 2018-02-07 18:26:22 MSK
systemd-230-8
https://abf.rosalinux.ru/build_lists/2918772
https://abf.rosalinux.ru/build_lists/2918773
***************************** Advisory *****************************
Fix CVE-2017-15908 and CVE-2018-1049 in systemd. Fix upstream bug https://github.com/systemd/systemd/issues/5607 (better kernel 4.10+ support)
*********************************************************************
QA Verified
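
A scanner that only compares against "prior to 234" would flag the QA-verified systemd-230-8 build as affected by CVE-2018-1049, even though the ticket records it as the fixed package. The following is an added example, not part of the ticket or of ROSA's tooling: it classifies a package string using only those two values from the thread; the function names and the `VERSION-RELEASE` input format are assumptions.

```shell
#!/bin/sh
# Added example: classify a systemd package string for CVE-2018-1049
# using only values stated in this ticket. Helper names are hypothetical.
# Assumed input: "systemd-230-8" or the output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' systemd

UPSTREAM_FIXED=234    # "In systemd prior to 234 ..." (Comment 3)
BACKPORT_VERSION=230  # ROSA build named in Comment 9: systemd-230-8
BACKPORT_RELEASE=8

# Print the leading decimal digits of a string, or nothing if there are none.
leading_int() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\).*/\1/p'
}

# Prints one of: fixed-upstream, fixed-backport, needs-update, unknown.
# Return code: 0 fixed, 1 needs update, 2 input could not be parsed.
cve_2018_1049_status() {
    nvr=${1#systemd-}
    version=$(leading_int "${nvr%%-*}")
    case $nvr in
        *-*) release=$(leading_int "${nvr#*-}") ;;
        *)   release= ;;
    esac

    if [ -z "$version" ]; then
        echo unknown; return 2
    fi
    # Upstream threshold applies to CVE-2018-1049 only; the ticket gives
    # no upstream version for CVE-2017-15908.
    if [ "$version" -ge "$UPSTREAM_FIXED" ]; then
        echo fixed-upstream; return 0
    fi
    if [ "$version" -eq "$BACKPORT_VERSION" ]; then
        # Without a release number a 230 build cannot be classified.
        if [ -z "$release" ]; then
            echo unknown; return 2
        fi
        if [ "$release" -ge "$BACKPORT_RELEASE" ]; then
            echo fixed-backport; return 0
        fi
    fi
    echo needs-update; return 1
}
```

A `fixed-backport` result corresponds to the build whose advisory covers both CVE-2017-15908 and CVE-2018-1049; `needs-update` means the string is older than the published build, not that a specific patch was confirmed missing.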