ubuntu/+source/systemd:ubuntu/cosmic-security

Last commit made on 2019-04-08
Get this branch:
git clone -b ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/systemd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/cosmic-security
Repository:
lp:ubuntu/+source/systemd

Recent commits

25a32e4... by Chris Coulson on 2019-04-03

Import patches-unapplied version 239-7ubuntu10.12 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 05f60c80ca810774ee0022793626f5d4d1aca905

New changelog entries:
  * SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to
    incorrect Policykit authorization
    - debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
      getenv() in pam_systemd.c
    - CVE-2019-3842

05f60c8... by Balint Reczey on 2019-03-25

Import patches-unapplied version 239-7ubuntu10.11 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 105fb29a5087034f1de86d67e9a2758ee0f3f420

New changelog entries:
  * virt: detect WSL environment as a container (LP: #1816753)

105fb29... by Dan Streetman on 2019-02-28

Import patches-unapplied version 239-7ubuntu10.10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: f8e75d5634904c8e672658856508c3a02f349adb

New changelog entries:
  [ Victor Tapia ]
  * d/p/stop-mount-error-propagation.patch:
    keep mount errors local to the failing mount point instead of
    blocking the processing of all mounts (LP: #1755863)

f8e75d5... by Chris Coulson on 2019-02-12

Import patches-unapplied version 239-7ubuntu10.8 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b9cf19fc2753eaa370e86b822d5edde6acc38db3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted dbus message
    - debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for
      dbus paths, and don't allocate them on the stack
    - debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch:
      sd-bus: if we receive an invalid dbus message, ignore and proceeed
    - CVE-2019-6454
  * Do not remove multiple spaces after identifier in syslog message
    - add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch

b9cf19f... by Dan Streetman on 2019-01-29

Import patches-unapplied version 239-7ubuntu10.7 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 98feb1a0ca53cbb950e95a2e8cf5e9914e74961b

New changelog entries:
  * d/p/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch
    getaddrinfo() failures when fallback to dns tcp queries, so enable
    edns0 in resolv.conf (LP: #1811471)
  [ Victor Tapia ]
  * d/p/resolved-Increase-size-of-TCP-stub-replies.patch
    dns failures with edns0 disabled and truncated response (LP: #1804487)

98feb1a... by Chris Coulson on 2019-01-09

Import patches-unapplied version 239-7ubuntu10.6 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: cb1e5ce2289a31f11050038bc862b8a55293cb15

New changelog entries:
  * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
    - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
      entry for process commandline on the stack
    - CVE-2018-16864
  * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
    - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
      number of fields (1k)
    - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
      number of fields in a message
    - CVE-2018-16865
  * SECURITY UPDATE: out-of-bounds read in journald
    - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
    - CVE-2018-16866
  * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
    - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
    - update debian/patches/series
  * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
    - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
    - update debian/patches/series

cb1e5ce... by Chris Coulson on 2018-11-15

Import patches-unapplied version 239-7ubuntu10.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 93773d1e9c205c9dd5d66350819280748fa17684

New changelog entries:
  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954
  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst

93773d1... by Chris Coulson on 2018-11-06

Import patches-unapplied version 239-7ubuntu10.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 07fbeeaa79fa0fe37f0b603d9854947173f48134

New changelog entries:
  * SECURITY UPDATE: reexec state injection
    - debian/patches/CVE-2018-15686.patch: when deserializing state always use
      read_line(…, LONG_LINE_MAX, …) rather than fgets()
    - CVE-2018-15686
  * SECURITY UPDATE: chown_one() can dereference symlinks
    - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
    - CVE-2018-15687

07fbeea... by Marc Deslauriers on 2018-10-31

Import patches-unapplied version 239-7ubuntu10.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 643f8a09a16f349d2e52d3178bad8ad71bc67537

New changelog entries:
  * SECURITY UPDATE: buffer overflow in dhcp6 client
    - debian/patches/CVE-2018-15688.patch: make sure we have enough space
      for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
    - CVE-2018-15688

643f8a0... by Dimitri John Ledkov on 2018-10-04

Import patches-unapplied version 239-7ubuntu10 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: bd82250d649a7f80efacb22c708171e5a22286d3

New changelog entries:
  * units: Disable journald Watchdog (LP: #1773148)
  * Add conflicts with upstart and systemd-shim. (LP: #1773859)