From: bugzilla@busybox.net
To: buildroot@uclibc.org
Subject: [Buildroot] [Bug 14056] New: CVE-2021-33910 [SYSTEMD] Memory Allocation with an Excessive Size Value that results in an operating system crash.
Date: Sat, 15 Jun 2024 14:59:26 +0000
Message-ID: <bug-14056-163@https.bugs.busybox.net/>
https://bugs.busybox.net/show_bug.cgi?id=14056
Bug ID: 14056
Summary: CVE-2021-33910 [SYSTEMD] Memory Allocation with an Excessive Size Value that results in an operating system crash.
Product: buildroot
Version: unspecified
Hardware: All
OS: Linux
Status: RESOLVED
Severity: critical
Priority: P5
Component: Other
Assignee: unassigned@buildroot.uclibc.org
Reporter: francisjy.hu@moxa.com
CC: buildroot@uclibc.org, yann.morin.1998@free.fr
Target Milestone: ---
Status: RESOLVED
CC: yann.morin.1998@free.fr
Resolution: MOVED
Hi:
There is a systemd issue reported by NVD in
https://nvd.nist.gov/vuln/detail/CVE-2021-33910.
The hyperlink is shown below.
https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
The issue description:
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a
Memory Allocation with an Excessive Size Value (involving strdupa and alloca
for a pathname controlled by a local attacker) that results in an operating
system crash.
--- Comment #1 from Fabrice Fontaine <fontaine.fabrice@gmail.com> ---
systemd has been bumped to version 249.1 since July 20 and
https://git.buildroot.net/buildroot/commit/?id=fbd9566220f2812baeff5dbd727bfc30fe4e93ea
so master is not affected by this CVE.
However, LTS branches are still using version 247.3, they should be bumped to
247.9.
--- Comment #2 from Yann E. MORIN <yann.morin.1998@free.fr> ---
Thank you for your report.
The issue tracker for the Buildroot project has been moved to
the Gitlab.com issue tracker:
https://gitlab.com/buildroot.org/buildroot/-/issues
We are taking this opportunity to close old issues in this old
tracker. If you believe your issue is still relevant, please
open one in the new issue tracker.
Thank you!
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
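
A version check built from the fixed releases quoted in the report, as an added example that is not part of the original bug thread or of Buildroot's own code. It assumes the systemd package makefile carries a `SYSTEMD_VERSION = ...` line, and the sample makefile text is constructed for illustration.

```python
import re

# First fixed release on each stable branch, as listed in the CVE description
# quoted in the report: 246.15, 247.8, 248.5 and 249.1.
FIXED = {246: 15, 247: 8, 248: 5, 249: 1}


def parse_version(text):
    """Return (major, minor) from strings such as '247.3', 'v249' or '248.3-1'."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised systemd version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(version):
    """True if the version predates the fix for its branch (CVE-2021-33910)."""
    major, minor = parse_version(version)
    if major in FIXED:
        return minor < FIXED[major]
    # Assumption drawn from the "prior to" wording: branches older than 246
    # are treated as affected, branches newer than 249 as fixed.
    return major < min(FIXED)


def version_from_mk(mk_text):
    """Extract the value of SYSTEMD_VERSION from makefile text, or None."""
    m = re.search(r"^SYSTEMD_VERSION\s*=\s*(\S+)", mk_text, re.MULTILINE)
    return m.group(1) if m else None


# Constructed sample, modelled on the LTS state described in comment #1.
SAMPLE_MK = """\
SYSTEMD_VERSION = 247.3
SYSTEMD_SITE = placeholder
"""

if __name__ == "__main__":
    found = version_from_mk(SAMPLE_MK)
    state = "affected" if is_affected(found) else "not affected"
    print(f"systemd {found}: {state} by CVE-2021-33910")
    for candidate in ("247.9", "249", "249.1"):
        print(candidate, is_affected(candidate))
```
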