|
Message-Id: <F97E792C-1249-4C6C-A1B2-23A2A835A941@gentoo.org>
Date: Tue, 11 Jan 2022 00:01:34 +0000
From: Sam James <sam@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2021-3997: Uncontrolled recursion in systemd's
systemd-tmpfiles
> On 10 Jan 2022, at 18:08, Qualys Security Advisory <qsa@...lys.com> wrote:
>
> Hi all,
>
> We discovered a minor denial of service (an uncontrolled recursion) in
> systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today
> (January 10, 2022), and a patch is now available at (many thanks to
> Zbigniew Jedrzejewski-Szmek for working on this):
>
> https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf
> [...]
Thanks.
Fix commit (as you linked): https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf
Backport release for 250.x: 250.2 (see https://github.com/systemd/systemd-stable/compare/v250.1...v250.2)
Backport release for 249.x: pending
Best,
sam
Download attachment "signature.asc" of type "application/pgp-signature" (619 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.