Systemd 241 Being Prepared With "System Down" Security Fixes

Written by Michael Larabel in systemd on 13 January 2019 at 08:00 AM EST.
While systemd 240 was released right before Christmas, it looks like systemd 241 will soon be released in order to address the recent "System Down" security vulnerabilities.

In case you missed it from earlier in the week, three vulnerabilities were discovered in systemd's journald: two memory corruption bugs and an information leak due to an out-of-bounds read. These vulnerabilities have been in systemd for the past several years and, chained together, could give a local, unprivileged user a root shell in a matter of minutes on i386 or in about an hour on x86_64. The exceptions are distributions such as Fedora and openSUSE whose user space is built with GCC's -fstack-clash-protection: the bugs are still present there, but the stack-clash technique the exploit relies on does not work. Details on those vulnerabilities are available via Qualys.

The systemd journal code now rejects entries with too many fields and caps the length of the command line it records for a logging process, addressing CVE-2018-16865 and CVE-2018-16864 respectively. (The out-of-bounds read, CVE-2018-16866, was already fixed in the systemd tree last August, as Qualys noted.) Those fixes are in systemd Git now and will be part of the upcoming systemd 241 release.
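To show what those two limits look like in practice, here is an added example in C that is not systemd's code: a toy parser for a native-journal-style message ("KEY=VALUE\n" fields) that refuses an entry whose field count exceeds a cap, and a builder for the _CMDLINE= field that never copies more than a capped number of bytes of a process's argv. The two bugs being fixed were stack allocations sized by values the sender controls, so the example keeps both arrays on the heap and bounds them first. The constants, function names and the sample messages are assumptions chosen for illustration.

```c
/* Added example (not systemd code): bounded handling of journal entries.
 * Limits and names below are illustrative assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/uio.h>

#define ENTRY_FIELD_COUNT_MAX 1024   /* assumed cap on fields per entry */
#define CMDLINE_MAX           4096   /* assumed cap on _CMDLINE= payload bytes */

/* Count newline-terminated "KEY=VALUE" fields without allocating anything. */
static size_t count_fields(const char *msg, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (msg[i] == '\n')
            n++;
    return n;
}

/* Split a message into one iovec per field.
 * Returns the field count, -E2BIG if the sender supplied more fields than we
 * are willing to index, or -ENOMEM. The array is heap-allocated: sizing a
 * stack buffer from a sender-controlled count is the stack-clash bug class
 * these fixes close. */
static ssize_t parse_entry(const char *msg, size_t len, struct iovec **out) {
    size_t n = count_fields(msg, len);
    if (n >= ENTRY_FIELD_COUNT_MAX)
        return -E2BIG;                 /* reject before touching the data */
    struct iovec *iov = calloc(n ? n : 1, sizeof *iov);
    if (!iov)
        return -ENOMEM;
    size_t k = 0, start = 0;
    for (size_t i = 0; i < len; i++) {
        if (msg[i] != '\n')
            continue;
        iov[k].iov_base = (void *)(msg + start);
        iov[k].iov_len  = i - start;   /* field without its newline */
        k++;
        start = i + 1;
    }
    *out = iov;
    return (ssize_t)k;
}

/* Build "_CMDLINE=<argv>" for a logging process, keeping at most CMDLINE_MAX
 * bytes of the command line. A process controls its own argv size, so that
 * size must never drive an unbounded (stack) allocation. Returns the field
 * length or -ENOMEM. */
static ssize_t build_cmdline_field(const char *cmdline, char **out) {
    static const char prefix[] = "_CMDLINE=";
    size_t plen = sizeof prefix - 1;
    size_t n = 0;
    while (n < CMDLINE_MAX && cmdline[n] != '\0')   /* bounded scan */
        n++;
    char *field = malloc(plen + n + 1);
    if (!field)
        return -ENOMEM;
    memcpy(field, prefix, plen);
    memcpy(field + plen, cmdline, n);
    field[plen + n] = '\0';
    *out = field;
    return (ssize_t)(plen + n);
}

/* Constructed input: a message carrying `n` fields "K<i>=v\n". */
static char *make_message(size_t n, size_t *len_out) {
    size_t cap = n * 32 + 1;
    char *buf = malloc(cap);
    if (!buf)
        return NULL;
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        off += (size_t)snprintf(buf + off, cap - off, "K%zu=v\n", i);
    *len_out = off;
    return buf;
}

int main(void) {
    size_t len;
    struct iovec *iov = NULL;

    char *ok = make_message(3, &len);
    ssize_t n = parse_entry(ok, len, &iov);
    printf("3-field entry: %zd fields accepted\n", n);
    free(iov);
    free(ok);

    char *flood = make_message(100000, &len);   /* hostile: far too many fields */
    n = parse_entry(flood, len, &iov);
    printf("100000-field entry: %s\n", n == -E2BIG ? "rejected (E2BIG)" : "accepted?!");
    free(flood);

    char *big = malloc(1 << 20);                 /* hostile: 1 MiB command line */
    memset(big, 'A', (1 << 20) - 1);
    big[(1 << 20) - 1] = '\0';
    char *field = NULL;
    n = build_cmdline_field(big, &field);
    printf("1 MiB argv recorded as %zd bytes\n", n);
    free(field);
    free(big);
    return 0;
}
```

The order of operations is the point: the field count is checked and the command line is length-bounded before any buffer is sized from them, so a hostile sender can make journald drop an entry but not make it allocate on its behalf.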

Other changes currently queued for systemd 241 include allowing the default locale to be configured at compile-time, support for showing the systemd Git commit hash as part of the version string, a new stderr priority option for systemd-cat, the ability to pass an optional initrd file path to the kernel install script, and moving the -fPIE option for position-independent executables to a Meson option.

Those wanting the fixed-up journald can grab the latest systemd Git code from systemd on GitHub while waiting for the tagged release.