Note:
This project will be discontinued after December 13, 2021. [more]
2018-10-26
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
Products | Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Systemd |
Type | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/systemd/systemd/pull/10518 |
Links |
• https://usn.ubuntu.com/3807-1/
• https://access.redhat.com/errata/RHSA-2019:0049 • https://usn.ubuntu.com/3806-1/ • http://www.securityfocus.com/bid/105745 • https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html |