<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Sam James <sam () gentoo org>
Date: Tue, 11 Jan 2022 02:55:57 +0000
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On 10 Jan 2022, at 18:08, Qualys Security Advisory <qsa () qualys com> wrote:
Hi all,
We discovered a minor denial of service (an uncontrolled recursion) in
systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today
(January 10, 2022), and a patch is now available at (many thanks to
Zbigniew Jedrzejewski-Szmek for working on this):
[snip]
For the benefit of distros:
Note that it's been backported in 250.x as 250.2 but there isn't
a stable/backport release for 249.x yet.
Best,
sam
Attachment:
signature.asc
Description: Message signed with OpenPGP
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->