* [Buildroot] [PATCH-2021.02.x] package/systemd: security bump to version 247.9
@ 2021-10-13 11:48 Peter Korsgaard
2021-10-14 20:29 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2021-10-13 11:48 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN
Fixes the following security issues:
- CVE-2020-13529: An exploitable denial-of-service vulnerability exists in
Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a
server running the DHCP client to be vulnerable to a DHCP ACK spoofing
attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets
to reconfigure the server.
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
- CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1)
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
Update hash of README for a change of IRC network:
- #systemd on irc.freenode.org
+ #systemd on irc.libera.chat
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/systemd/systemd.hash | 4 ++--
package/systemd/systemd.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
index 20cd922259..4ed5e96d4f 100644
--- a/package/systemd/systemd.hash
+++ b/package/systemd/systemd.hash
@@ -1,6 +1,6 @@
# sha256 locally computed
-sha256 2869986e219a8dfc96cc0dffac66e0c13bb70a89e16b85a3948876c146cfa3e0 systemd-247.3.tar.gz
+sha256 629b8c895efa000b921092c7a565680c66dcd0ec74ed11cb2dd2b6701492675d systemd-247.9.tar.gz
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 LICENSE.GPL2
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 LICENSE.LGPL2.1
-sha256 6f22d19d35b00f35e0444e0bc9139e6d3bdf7277978f89c4e175e37b18c43f3d README
+sha256 996b2bd286a6832b4c8cbab8e662d371e2fd061a2e14925bc6099d805f12c7a3 README
sha256 83bb6bd9ccd2cf5230cb1807ed16258289768dc4d9cb80069a814e04415a1275 tools/chromiumos/LICENSE
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 74c561e67e..21e8c48ed7 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SYSTEMD_VERSION = 247.3
+SYSTEMD_VERSION = 247.9
SYSTEMD_SITE = $(call github,systemd,systemd-stable,v$(SYSTEMD_VERSION))
SYSTEMD_LICENSE = LGPL-2.1+, GPL-2.0+ (udev), Public Domain (few source files, see README), BSD-3-Clause (tools/chromiumos)
SYSTEMD_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 README tools/chromiumos/LICENSE
--
2.20.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH-2021.02.x] package/systemd: security bump to version 247.9
2021-10-13 11:48 [Buildroot] [PATCH-2021.02.x] package/systemd: security bump to version 247.9 Peter Korsgaard
@ 2021-10-14 20:29 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2021-10-14 20:29 UTC (permalink / raw)
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-13529: An exploitable denial-of-service vulnerability exists in
> Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a
> server running the DHCP client to be vulnerable to a DHCP ACK spoofing
> attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets
> to reconfigure the server.
> https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
> - CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1)
> https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
> Update hash of README for a change of IRC network:
> - #systemd on irc.freenode.org
> + #systemd on irc.libera.chat
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-14 20:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-13 11:48 [Buildroot] [PATCH-2021.02.x] package/systemd: security bump to version 247.9 Peter Korsgaard
2021-10-14 20:29 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.