[Buildroot] [PATCH 1/1] package/systemd: add upstream fix for CVE-2018-16864
James Hilliard
james.hilliard1 at gmail.com
Fri Jan 11 11:03:20 UTC 2019
On Fri, Jan 11, 2019 at 3:46 AM Peter Korsgaard <peter at korsgaard.com> wrote:
>
> >>>>> "james" == james hilliard1 <james.hilliard1 at gmail.com> writes:
>
> > From: James Hilliard <james.hilliard1 at gmail.com>
> > Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
> > ---
> > ...-not-store-the-iovec-entry-for-process-co.patch | 205 +++++++++++++++++++++
> > 1 file changed, 205 insertions(+)
> > create mode 100644 package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
>
> > diff --git
> > a/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
> > b/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
> > new file mode 100644
> > index 0000000..dbf9bb5
> > --- /dev/null
> > +++ b/package/systemd/0004-journald-do-not-store-the-iovec-entry-for-process-co.patch
> > @@ -0,0 +1,205 @@
> > +From 084eeb865ca63887098e0945fb4e93c852b91b0f Mon Sep 17 00:00:00 2001
> > +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek at in.waw.pl>
> > +Date: Wed, 5 Dec 2018 18:38:39 +0100
> > +Subject: [PATCH] journald: do not store the iovec entry for process
> > + commandline on stack
> > +
> > +This fixes a crash where we would read the commandline, whose length is under
> > +control of the sending program, and then crash when trying to create a stack
> > +allocation for it.
> > +
> > +CVE-2018-16864
> > +https://bugzilla.redhat.com/show_bug.cgi?id=1653855
> > +
> > +The message actually doesn't get written to disk, because
> > +journal_file_append_entry() returns -E2BIG.
> > +
> > +[james.hilliard1 at gmail.com: backport from upstream commit
> > +084eeb865ca63887098e0945fb4e93c852b91b0f]
> > +Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
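Review bot: the bracketed backport note at the end of the patch header records the upstream commit hash but does not say whether the change applied unmodified to the packaged systemd version, and the Buildroot commit message above the `---` has no body at all. Suggest a short body that names CVE-2018-16864 and the upstream commit, and a word in the bracketed note on whether the backport needed any adjustment.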
>
> The "standard way" to backport is to use git cherry-pick -sx which adds
> a line like:
Patch format in buildroot seems to be fairly inconstant. I think this
format was what I was recommended to use last.
>
> (cherry picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
>
> What about CVE-2018-16865, E.G. commit 052c57f132f04a / ef4d6abe7c7fa?
> Do those not apply to 240?
So here https://www.qualys.com/2019/01/09/system-down/system-down.txt it says:
"CVE-2018-16865 was introduced in December 2011 (systemd v38) and became
exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced
in June 2015 (systemd v221) and was inadvertently fixed in August 2018."
So my assumption was that we didn't need patches for CVE-2018-16865
since systemd 240 was released in Dec 2018.
>
> --
> Bye, Peter Korsgaard