Bug 1380286 (CVE-2016-7795)
Summary: | CVE-2016-7795 systemd: Assertion failure when PID 1 receives a zero-length message over notify socket
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Adam Mariš <amaris>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Keywords: | Security
Hardware: | All
OS: | Linux
CC: | aglotov, anemec, apmukher, brubisch, charlieb-fedora-bugzilla, cperry, dwood, ilmis, johannbg, jpazdziora, jwright, ldixon, lnykryn, msekleta, muadda, muhammad.zali, pdwyer, pieter.baele, pkenyon, qguo, redhat-bugzilla, rsawhill, sauchter, security-response-team, slawomir, sreber, ssahani, s, syangsao, systemd-maint-list, systemd-maint, ykawada, zbyszek, zpytela
Doc Type: | If docs needed, set a value
Doc Text: | A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd.
Last Closed: | 2016-11-09 21:02:54 UTC
Bug Depends On: | 1380175, 1380287, 1381573, 1382284
Bug Blocks: | 1380288
Description
Adam Mariš
2016-09-29 08:22:54 UTC
Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 1380287]

This fix was applied upstream:

https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020

Upstream bug also indicates that the problem was likely introduced via this change, added in v219:

https://github.com/systemd/systemd/commit/d875aa8ce10b458dc218c0d98f4a82c8904d6d03

Additional upstream fixes:

https://github.com/systemd/systemd/commit/9987750e7a4c62e0eb8473603150596ba7c3a015
https://github.com/systemd/systemd/commit/8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4

The second commit reverts the original fix linked in comment 3.

CVE-2016-7796 was moved to a separate bug 1381911, as those CVEs affect different systemd versions. Only the fix for CVE-2016-7796 makes the assert causing CVE-2016-7795 reachable.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2016:2610 https://rhn.redhat.com/errata/RHSA-2016-2610.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.2 Extended Update Support

Via RHSA-2016:2694 https://rhn.redhat.com/errata/RHSA-2016-2694.html