Arch Linux alert ASA-202107-57 (systemd)
| From: | Jonas Witschel via arch-security <arch-security@lists.archlinux.org> | |
| To: | arch-security@lists.archlinux.org | |
| Subject: | [ASA-202107-57] systemd: denial of service | |
| Date: | Thu, 22 Jul 2021 17:51:45 +0200 | |
| Message-ID: | <20210722155145.iiv2h2aojyzllp5e@archlinux.org> | |
| Cc: | Jonas Witschel <diabonas@archlinux.org> |
Arch Linux Security Advisory ASA-202107-57 ========================================== Severity: Medium Date : 2021-07-21 CVE-ID : CVE-2021-33910 Package : systemd Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-2179 Summary ======= The package systemd before version 249.1-1 is vulnerable to denial of service. Resolution ========== Upgrade to 249.1-1. # pacman -Syu "systemd>=249.1-1" The problem has been fixed upstream in version 249.1. Workaround ========== None. Description =========== A denial of service security issue has been found in systemd before version 249.1. A local attacker who is able to mount a filesystem with a very long path can crash systemd and the whole system through an attacker-controlled alloca(). Impact ====== A local unprivileged attacker who is able to mount a filesystem with a very long path can crash systemd and therefore the whole system. References ========== https://www.qualys.com/2021/07/20/cve-2021-33910/denial-o... https://www.qualys.com/2021/07/20/cve-2021-33910/cve-2021... https://bugzilla.redhat.com/show_bug.cgi?id=1970887 https://github.com/systemd/systemd/pull/20256 https://github.com/systemd/systemd/commit/441e0115646d54f... https://github.com/systemd/systemd-stable/commit/764b7411... https://security.archlinux.org/CVE-2021-33910