On Mon, 10 Jan 2022 19:17:57 +0100 Salvatore Bonaccorso
<car...@debian.org> wrote:
> Source: systemd
> Version: 250.1-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/systemd/systemd/pull/22070
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> Control: found -1 249.7-1
> Control: found -1 247.3-6
> 
> Hi,
> 
> The following vulnerability was published for systemd.
> 
> CVE-2021-3997[0]:
> | Uncontrolled recursion in systemd's systemd-tmpfiles
> 
> Note that the issue, while present before, is exploitable only after
> upstream commit e535840, and as such can be ignored for buster and
> older. For bullseye it would be ideal to get a fix (via a point
> release?).
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2021-3997
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
> [1] https://github.com/systemd/systemd/pull/22070
> [2] https://www.openwall.com/lists/oss-security/2022/01/10/2
> 
> Regards,
> Salvatore
> 

This is now also fixed in v247.11.

https://github.com/systemd/systemd-stable/releases/tag/v247.11

-- 
Kind regards,
Luca Boccassi
