[OE-core] [PATCH] systemd: fix CVE-2019-6454
george.mccollister at gmail.com
Fri Feb 22 17:13:02 UTC 2019
I believe this was discussed before and the recommendation was to wait
until 241 to be release. In any case I currently have no interest in
upgrading it. My main motivation is to patch this CVE in sumo but
maintainers seem to want it in master first (even though different
version of the patches are required).
On Fri, Feb 22, 2019 at 11:04 AM Alexander Kanavin
<alex.kanavin at gmail.com> wrote:
> On Fri, 22 Feb 2019 at 17:55, George McCollister
> <george.mccollister at gmail.com> wrote:
> > Apply patches from systemd_239-7ubuntu10.8 to fix CVE-2019-6454.
> > CVE-2019-6454 is an issue in which systemd (PID1) can be crashed with a
> > specially formed D-Bus message.
> > +
> > +For information see:
> > +https://usn.ubuntu.com/3891-1/
> > +https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb
> > +
> > +CVE: CVE-2019-6454
> > +Upstream-Status: Backport
> It would be better to update systemd to latest upstream release, are
> you able to do this?
More information about the Openembedded-core