oss-sec mailing list archives

Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles


From: Sam James <sam () gentoo org>
Date: Tue, 11 Jan 2022 00:01:34 +0000



On 10 Jan 2022, at 18:08, Qualys Security Advisory <qsa () qualys com> wrote:

> Hi all,
>
> We discovered a minor denial of service (an uncontrolled recursion) in
> systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today
> (January 10, 2022), and a patch is now available at (many thanks to
> Zbigniew Jedrzejewski-Szmek for working on this):
>
> https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf
> [...]

Thanks.

Fix commit (as you linked): https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf
Backport release for 250.x: 250.2 (see https://github.com/systemd/systemd-stable/compare/v250.1...v250.2)
Backport release for 249.x: pending

Best,
sam
