Source: systemd Version: 232-25 Severity: important Tags: security upstream Control: found -1 232-25+deb9u4 Control: found -1 239-10
Hi, The following vulnerability was published for systemd. CVE-2018-15688[0]: | A buffer overflow vulnerability in the dhcp6 client of systemd allows | a malicious dhcp6 server to overwrite heap memory in systemd-networkd. | Affected releases are systemd: versions up to and including 239. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-15688 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1639067 [2] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921 [3] https://github.com/systemd/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20 Please adjust the affected versions in the BTS as needed, both stretch up to sid should be affected source wise, we do though not enable systemd-networkd by default. Regards, Salvatore _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
