FEDORA-2019-18b3a10c7f

security update in Fedora 29 for systemd

Status: stable 7 days ago
  • systemd-journald and systemd-journal-remote reject entries which contain too many fields (CVE-2018-16865, #1664973) and set limits on the process' command line length (CVE-2018-16864, #1664972)
  • Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald (CVE-2018-16866, #1664975)
  • A signal is again used to stop user sessions instead of dbus (#1664491)

No need to log out or reboot.

Comments 9

This update has been submitted for testing by zbyszek.

zbyszek edited this update.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

This update has run normally. systemd would frequently take minutes on "Stopping User Manager for UID 1000..." when shutting down with previous systemd builds which appeared to have been the issue in #1664491. I haven't seen that delay occur when shutting down a few times with this update.

karma: +1 critpath: +1 #1664491: +1 base services start: +1

Works here.

karma: +1 critpath: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: high
Karma: +3
  • stable threshold: 3
  • unstable threshold: -3
Autopush: Enabled
Dates
  • submitted 9 days ago
  • in testing 8 days ago
  • in stable 7 days ago
  • modified 9 days ago

Related Bugs 4

0 +1 #1664491 Shutdown takes a long time to finish
0 0 #1664972 CVE-2018-16864 systemd: stack overflow when calling syslog from a command with long cmdline [fedora-all]
0 0 #1664973 CVE-2018-16865 systemd: stack overflow when receiving many journald entries [fedora-all]
0 0 #1664975 CVE-2018-16866 systemd: out-of-bounds read when parsing a crafted syslog message [fedora-all]

Test Cases

0 0 Test Case Services start
0 0 Test Case base service manipulation
0 +1 Test Case base services start
0 0 Test Case base shutdown/reboot