This bug was fixed in the package systemd - 237-3ubuntu10.11
---------------
systemd (237-3ubuntu10.11) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption in journald via attacker controlled
alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
entry for process commandline on the stack
- CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled
alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
number of fields in a message
- CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix
syslog_parse_identifier()
- CVE-2018-16866
* Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
- add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
- update debian/patches/series
* Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell
scripts
- add
debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
- update debian/patches/series
-- Chris Coulson <chris.coul...@canonical.com> Wed, 09 Jan 2019
15:11:53 +0000
** Changed in: systemd (Ubuntu Bionic)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16864
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16865
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16866
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1804603
Title:
systemd-tmpfiles-setup.service fails on btrfs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804603/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
