Control: tags -1 + fixed-upstream Hi,
For completeness the following additional point: On Wed, Feb 05, 2020 at 02:20:14PM +0100, Salvatore Bonaccorso wrote: > The following vulnerability was published for systemd, filling bug to > track the issue in BTS. Raised severity to RC, although the question > on DSA/no-dsa can be handled ortogonal to it. > > CVE-2020-1712[0]: > heap use-after-free vulnerability systemd-machined was one of the target services which could be exploitable. Red Hat bug vies a hint on which other services are targets. Vulnerable Dbus methods have: 1) a "find" function for the associated object (e.g. image_object_find) that configures a temporary cache and setups a "defer_event" which frees the elements in the cache 2) a call to bus_verify_polkit_async() in the handler of the method (e.g. bus_image_method_clone) 3) SD_BUS_VTABLE_UNPRIVILEGED as one of the specified flags https://bugzilla.redhat.com/show_bug.cgi?id=1794578#c10 The upstream fix was merged in v245-rc1. Regards, Salvatore