![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles
From: Sam James <sam () gentoo org>
Date: Tue, 11 Jan 2022 00:01:34 +0000
On 10 Jan 2022, at 18:08, Qualys Security Advisory <qsa () qualys com> wrote: Hi all, We discovered a minor denial of service (an uncontrolled recursion) in systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today (January 10, 2022), and a patch is now available at (many thanks to Zbigniew Jedrzejewski-Szmek for working on this): https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf [...]
Thanks. Fix commit (as you linked): https://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf Backport release for 250.x: 250.2 (see https://github.com/systemd/systemd-stable/compare/v250.1...v250.2) Backport release for 249.x: pending Best, sam
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)