[Buildroot] [PATCH 1/1] package/systemd: Add upstream patch to fix CVE-2018-15688

Peter Korsgaard peter at korsgaard.com
Tue Oct 30 20:09:22 UTC 2018


>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:

Please always add a short description what the CVE is about. I have
added:

Systemd-networkd is vulnerable to an out out-of-bounds heap write in the
DHCPv6 client when handling options sent by network adjacent DHCP
servers. A attacker could exploit this via malicious DHCP server to
corrupt heap memory on client machines, resulting in a denial of service
or potential code execution.


> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
 > ---
 >  ...we-have-enough-space-for-the-DHCP6-o.patch | 30 +++++++++++++++++++
 >  1 file changed, 30 insertions(+)
 >  create mode 100644 package/systemd/0005-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch

 > diff --git
 > a/package/systemd/0005-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
 > b/package/systemd/0005-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
 > new file mode 100644
 > index 0000000000..6a72a38988
 > --- /dev/null
 > +++ b/package/systemd/0005-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
 > @@ -0,0 +1,30 @@
 > +From 49653743f69658aeeebdb14faf1ab158f1f2cb20 Mon Sep 17 00:00:00 2001
 > +From: Lennart Poettering <lennart at poettering.net>
 > +Date: Fri, 19 Oct 2018 12:12:33 +0200
 > +Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
 > + header
 > +
 > +Fixes CVE-2018-15688:
 > +https://security-tracker.debian.org/tracker/CVE-2018-15688

That page mentions that a similar fix is needed for networkmanager. Will
you also send a patch for that?

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list