All of lore.kernel.org
 help / color / mirror / Atom feed
From: James Hilliard <james.hilliard1@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/systemd: add upstream fix for CVE-2018-16864
Date: Fri, 11 Jan 2019 04:03:20 -0700	[thread overview]
Message-ID: <CADvTj4oX2kY5WepFYp7FY4UQJjUujpQ4+SeyWKiu4CvyFBMuWQ@mail.gmail.com> (raw)
In-Reply-To: <87sgxzqxny.fsf@dell.be.48ers.dk>

On Fri, Jan 11, 2019 at 3:46 AM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "james" == james hilliard1 <james.hilliard1@gmail.com> writes:
>
>  > From: James Hilliard <james.hilliard1@gmail.com>
>  > Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
>  > ---
>  >  ...-not-store-the-iovec-entry-for-process-co.patch | 205 +++++++++++++++++++++
>  >  1 file changed, 205 insertions(+)
>  >  create mode 100644 package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
>
>  > diff --git
>  > a/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
>  > b/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
>  > new file mode 100644
>  > index 0000000..dbf9bb5
>  > --- /dev/null
>  > +++ b/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
>  > @@ -0,0 +1,205 @@
>  > +From 084eeb865ca63887098e0945fb4e93c852b91b0f Mon Sep 17 00:00:00 2001
>  > +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
>  > +Date: Wed, 5 Dec 2018 18:38:39 +0100
>  > +Subject: [PATCH] journald: do not store the iovec entry for process
>  > + commandline on stack
>  > +
>  > +This fixes a crash where we would read the commandline, whose length is under
>  > +control of the sending program, and then crash when trying to create a stack
>  > +allocation for it.
>  > +
>  > +CVE-2018-16864
>  > +https://bugzilla.redhat.com/show_bug.cgi?id=1653855
>  > +
>  > +The message actually doesn't get written to disk, because
>  > +journal_file_append_entry() returns -E2BIG.
>  > +
>  > +[james.hilliard1 at gmail.com: backport from upstream commit
>  > +084eeb865ca63887098e0945fb4e93c852b91b0f]
>  > +Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
>
> The "standard way" to backport is to use git cherry-pick -sx which adds
> a line like:
Patch format in buildroot seems to be fairly inconstant. I think this
format was what I was recommended to use last.
>
> (cherry picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
>
> What about CVE-2018-16865, E.G. commit 052c57f132f04a / ef4d6abe7c7fa?
> Do those not apply to 240?
So here https://www.qualys.com/2019/01/09/system-down/system-down.txt it says:
"CVE-2018-16865 was introduced in December 2011 (systemd v38) and became
exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced
in June 2015 (systemd v221) and was inadvertently fixed in August 2018."
So my assumption was that we didn't need patches for CVE-2018-16865
since systemd 240 was released in Dec 2018.
>
> --
> Bye, Peter Korsgaard

  reply	other threads:[~2019-01-11 11:03 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-11  7:54 [Buildroot] [PATCH 1/1] package/systemd: add upstream fix for CVE-2018-16864 james.hilliard1 at gmail.com
2019-01-11 10:46 ` Peter Korsgaard
2019-01-11 11:03   ` James Hilliard [this message]
2019-01-11 11:34     ` Peter Korsgaard
2019-01-11 11:36       ` James Hilliard
2019-01-11 11:45         ` Peter Korsgaard
2019-01-11 11:48           ` James Hilliard
2019-01-11 11:53             ` Peter Korsgaard
2019-01-11 12:04               ` James Hilliard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CADvTj4oX2kY5WepFYp7FY4UQJjUujpQ4+SeyWKiu4CvyFBMuWQ@mail.gmail.com \
    --to=james.hilliard1@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.