FEDORA-2019-18b3a10c7f

security update in Fedora 29 for systemd

Status: stable 8 months ago
  • systemd-journald and systemd-journal-remote reject entries which contain too many fields (CVE-2018-16865, #1664973) and set limits on the process's command line length (CVE-2018-16864, #1664972)
  • Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald (CVE-2018-16866, #1664975)
  • A signal is again used to stop user sessions instead of dbus (#1664491)

No need to log out or reboot.

Comments 9

This update has been submitted for testing by zbyszek.

zbyszek edited this update.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

This update has run normally. systemd would frequently take minutes on "Stopping User Manager for UID 1000..." when shutting down with previous systemd builds, which appeared to have been the issue in #1664491. I haven't seen that delay occur when shutting down a few times with this update.

karma: +1 critpath: +1 #1664491: +1 base services start: +1

Works here.

karma: +1 critpath: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: high
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
  • submitted 8 months ago
  • in testing 8 months ago
  • in stable 8 months ago
  • modified 8 months ago

Related Bugs 4

  • #1664491 Shutdown takes a long time to finish (feedback: 0 / +1)
  • #1664972 CVE-2018-16864 systemd: stack overflow when calling syslog from a command with long cmdline [fedora-all] (feedback: 0 / 0)
  • #1664973 CVE-2018-16865 systemd: stack overflow when receiving many journald entries [fedora-all] (feedback: 0 / 0)
  • #1664975 CVE-2018-16866 systemd: out-of-bounds read when parsing a crafted syslog message [fedora-all] (feedback: 0 / 0)

Automated Test Results

Test Cases

  • Test Case Services start (feedback: 0 / 0)
  • Test Case base service manipulation (feedback: 0 / 0)
  • Test Case base services start (feedback: 0 / +1)
  • Test Case base shutdown/reboot (feedback: 0 / 0)