Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Sam James &lt;sam () gentoo org&gt;

Date: Tue, 11 Jan 2022 02:55:57 +0000

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->

On 10 Jan 2022, at 18:08, Qualys Security Advisory &lt;qsa () qualys com&gt; wrote:

Hi all,

We discovered a minor denial of service (an uncontrolled recursion) in
systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today
(January 10, 2022), and a patch is now available at (many thanks to
Zbigniew Jedrzejewski-Szmek for working on this):
[snip]

For the benefit of distros:

Note that it's been backported in 250.x as 250.2 but there isn't
a stable/backport release for 249.x yet.

Best,
sam
Attachment:
signature.asc
Description: Message signed with OpenPGP

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)

Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)

Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)

Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->