Commit 4ba8d497 authored by Marc Deslauriers, committed by Simon McVittie

Import Debian changes 237-3ubuntu10.4

systemd (237-3ubuntu10.4) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in dhcp6 client
    - debian/patches/CVE-2018-15688.patch:  make sure we have enough space
      for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
    - CVE-2018-15688
parent 50d6b8b6
systemd (237-3ubuntu10.4) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in dhcp6 client
- debian/patches/CVE-2018-15688.patch: make sure we have enough space
for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
- CVE-2018-15688
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 31 Oct 2018 11:38:31 -0400
systemd (237-3ubuntu10.3) bionic; urgency=medium
* debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin
......
From 4dac5eaba4e419b29c97da38a8b1f82336c2c892 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 12:12:33 +0200
Subject: [PATCH 4/5] dhcp6: make sure we have enough space for the DHCP6
option header
Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.
CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
---
src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: systemd-237/src/libsystemd-network/dhcp6-option.c
===================================================================
--- systemd-237.orig/src/libsystemd-network/dhcp6-option.c 2018-10-31 11:38:26.996004319 -0400
+++ systemd-237/src/libsystemd-network/dhcp6-option.c 2018-10-31 11:38:26.988004293 -0400
@@ -118,7 +118,7 @@ int dhcp6_option_append_ia(uint8_t **buf
return -EINVAL;
}
- if (*buflen < len)
+ if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;
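Review bot: the new bound at `if (*buflen < offsetof(DHCP6Option, data) + len)` has no comment explaining why the header size is added to len, and the diffstat (1 file changed, 1 insertion, 1 deletion) shows that no regression test accompanies it. Suggest a one-line comment above the check saying that len covers only the option payload while the option header is written into the same buffer, plus a unit test that calls dhcp6_option_append_ia() with a buffer of exactly len bytes and expects -ENOBUFS. It is also worth confirming that the sum cannot wrap for the type of len, which is declared outside the lines shown here.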
......@@ -80,3 +80,4 @@ debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch
debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
debian/UBUNTU-introduce-TAKE_PTR-macro.patch
debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch
CVE-2018-15688.patch
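Review bot: only one entry, `CVE-2018-15688.patch`, is appended to the series, yet the imported patch's subject line is tagged `[PATCH 4/5]`. Please state in the changelog or in the patch header whether the other four patches of that upstream series are unrelated to CVE-2018-15688 or already applied, so a later reader does not have to guess whether the fix is complete.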