Bug 1085120

Summary: SystemD still vulnerable to buff. overflow in password entry
Product: [Fedora] Fedora
Reporter: Roy <nouveau>
Component: systemd
Assignee: systemd-maint
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 20
CC: johannbg, lnykryn, msekleta, plautrba, skottler, systemd-maint, vpavlin, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2014-04-08 08:51:53 UTC
Type: Bug

Description Roy 2014-04-07 21:28:48 UTC
Description of problem:
Judging by the patch on http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 , systemd was vulnerable to a buffer overflow. To this day, there has been no sign of back-porting this patch to Fedora (no builds on Koji for F19 or F20 since releasing this patch), even though it seems to be a serious security risk at first sight: a buffer overflow in a program running with root privileges.
Please either confirm that this bug could never be triggered in Fedora 20, or back-port this fix. Thanks.

Version-Release number of selected component (if applicable):
systemd-208-15.fc20

Comment 1 Roy 2014-04-08 08:51:53 UTC

*** This bug has been marked as a duplicate of bug 1084286 ***