oss-sec mailing list archives

Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles

From: Sam James <sam () gentoo org>
Date: Tue, 11 Jan 2022 02:55:57 +0000

On 10 Jan 2022, at 18:08, Qualys Security Advisory <qsa () qualys com> wrote:

Hi all,

We discovered a minor denial of service (an uncontrolled recursion) in
systemd-tmpfiles, CVE-2021-3997; the Coordinated Release Date is today
(January 10, 2022), and a patch is now available at (many thanks to
Zbigniew Jedrzejewski-Szmek for working on this):
[snip]


For the benefit of distros:

Note that it's been backported in 250.x as 250.2 but there isn't
a stable/backport release for 249.x yet.

Best,
sam

Attachment: signature.asc
Description: Message signed with OpenPGP

Current thread:

CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Qualys Security Advisory (Jan 10)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Sam James (Jan 11)
- Re: CVE-2021-3997: Uncontrolled recursion in systemd's systemd-tmpfiles Solar Designer (Feb 18)