systemd: CVE-2018-6954: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files

Related Vulnerabilities: CVE-2018-6954  

Debian Bug report logs - #890779
systemd: CVE-2018-6954: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 18 Feb 2018 20:39:01 UTC

Severity: important

Tags: security, upstream

Found in version systemd/236-1

Fixed in version systemd/238-1

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/systemd/systemd/issues/7986



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#890779; Package src:systemd. (Sun, 18 Feb 2018 20:39:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>. (Sun, 18 Feb 2018 20:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: systemd: CVE-2018-6954: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files
Date: Sun, 18 Feb 2018 21:35:07 +0100
Source: systemd
Version: 236-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/issues/7986

Hi,

the following vulnerability was published for systemd, filing this
bug to keep track of the bug in the Debian BTS.

CVE-2018-6954[0]:
| systemd-tmpfiles in systemd through 237 mishandles symlinks present in
| non-terminal path components, which allows local users to obtain
| ownership of arbitrary files via vectors involving creation of a
| directory and a file under that directory, and later replacing that
| directory with a symlink. This occurs even if the fs.protected_symlinks
| sysctl is turned on.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6954
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954
[1] https://github.com/systemd/systemd/issues/7986

Please adjust the affected versions in the BTS as needed (all earlier
versions should be affected).

Regards,
Salvatore
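
The CVE text above describes a directory that is later replaced with a symlink in a non-terminal path component. One defence against that pattern is to walk the path with `openat()` and `O_NOFOLLOW` and then act on the resulting descriptor instead of the path. This is an added illustration, not part of the bug report and not systemd's code or its actual fix; `open_no_symlinks` and `demo` are hypothetical names, and the temporary tree is constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open relpath beneath rootfd one component at a time, refusing
 * a symlink in any component. Returns an fd for fchown()/fchmod(), or -1 on failure. */
int open_no_symlinks(int rootfd, const char *relpath)
{
    char *copy = strdup(relpath), *save = NULL;
    if (!copy) return -1;
    int fd = fcntl(rootfd, F_DUPFD_CLOEXEC, 0);
    for (char *part = strtok_r(copy, "/", &save), *next; fd >= 0 && part; part = next) {
        next = strtok_r(NULL, "/", &save);
        /* Non-terminal components must be real directories; ".." is refused. */
        int flags = O_RDONLY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC
                  | (next ? O_DIRECTORY : 0);
        int child = strcmp(part, "..") ? openat(fd, part, flags) : -1;
        close(fd);
        fd = child;
    }
    free(copy);
    return fd;
}

/* Constructed scenario: dir/file exists, then dir is swapped for a symlink. */
int demo(void)
{
    char tmpl[] = "/tmp/nofollow-XXXXXX";
    int root = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC) : -1;
    if (root < 0) return -1;
    mkdirat(root, "dir", 0700);
    mkdirat(root, "elsewhere", 0700);
    close(openat(root, "dir/file", O_CREAT | O_WRONLY, 0600));
    close(openat(root, "elsewhere/file", O_CREAT | O_WRONLY, 0600));
    int before = open_no_symlinks(root, "dir/file");  /* real directory: allowed */
    renameat(root, "dir", root, "dir.old");
    symlinkat("elsewhere", root, "dir");              /* dir is now a symlink */
    int after = open_no_symlinks(root, "dir/file");   /* must be refused */
    if (before >= 0) close(before);
    if (after >= 0) close(after);
    close(root);
    return before >= 0 && after < 0;                  /* 1 when both checks hold */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

A path-based `chown("dir/file", ...)` at the second step would have resolved through the symlink to `elsewhere/file`; the descriptor-based walk fails before any ownership change can happen.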



Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Wed, 07 Mar 2018 23:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 07 Mar 2018 23:09:05 GMT)


Message #10 received at 890779-close@bugs.debian.org:

From: Michael Biebl <biebl@debian.org>
To: 890779-close@bugs.debian.org
Subject: Bug#890779: fixed in systemd 238-1
Date: Wed, 07 Mar 2018 23:05:23 +0000
Source: systemd
Source-Version: 238-1

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890779@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Wed, 07 Mar 2018 23:21:53 +0100
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 238-1
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 systemd-tests - tests for systemd
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 890779
Changes:
 systemd (238-1) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * New upstream version 238
     - Fixes systemd-tmpfiles to correctly handle symlinks present in
       non-terminal path components. (CVE-2018-6954, Closes: #890779)
   * Rebase patches
   * Use compat symlinks as provided by upstream.
     As the upstream build system now creates those symlinks for us, we no
     longer have to create them manually.
   * Update symbols file for libsystemd0
   * test-cgroup-util: bail out when running under a buildd environment
 .
   [ Dimitri John Ledkov ]
   * systemd-sysv-install: Fix name initialisation.
     Only initialise NAME after --root optional argument has been parsed,
     otherwise NAME is initialized to e.g. `enable`, instead of to the
     `unit-name`, resulting in failures. (LP: #1752882)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 05 Apr 2018 07:27:57 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:03:42 2019; Machine Name: buxtehude
