3 matches found
systemd: line splitting via fgets() allows for state injection during daemon-reexec
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state...
Fedora 28 : systemd (2018-24bd6c9d4a)
Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1643367 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1643372 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1643362 -...
Fedora 29 : systemd (2018-c402eea18b)
Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1639076 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1639071 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1639067 - The DHCP...