group.of.nepali.translators team mailing list archive

[Launchpad Bug Tracker <1709649@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package systemd - 229-4ubuntu21.1

---------------
systemd (229-4ubuntu21.1) xenial-security; urgency=medium

  * SECURITY UPDATE: remote DoS in resolved (LP: #1725351)
    - debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
      dns types in src/resolve/resolved-dns-packet.c.
    - CVE-2017-15908
  * SECURITY UPDATE: access to automounted volumes can lock up
    (LP: #1709649)
    - debian/patches/CVE-2018-1049.patch: ack automount requests even when
      already mounted in src/core/automount.c.
    - CVE-2018-1049

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 01 Feb 2018
07:42:30 -0500

** Changed in: systemd (Ubuntu Xenial)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15908

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1049

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1709649

Title:
  229 backport for  race between explicit mount and handling automount

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Fix Released
Status in systemd source package in Zesty:
  Fix Released
Status in systemd source package in Artful:
  Fix Released

Bug description:
  [Impact]
  In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, until mount points are unmounted.

  [Testcase]
  Create a race between .mount and .automount units, such that automout request is serviced after .mount unit has been started. Observe a hang.
  More detailed steps are available at https://github.com/systemd/systemd/pull/5916

  [Butfix]
  Cherrypick upstream commit https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318

  [Regression Potential]
  The underlying logic of starting/stopping/triggering units is unchanged. However, there the logic as to when to send automout_send_ready() is relaxed, such that it is always sent whenever unit is already mounted. This is done to explicitly cope with late arrival of the incoming [aircraft] automount request.

  [Original Bug report / request]

  Hi,

  We have a blocking issue in systemd for the following release

  ```
  NAME="Ubuntu"
  VERSION="16.04.3 LTS (Xenial Xerus)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 16.04.3 LTS"
  VERSION_ID="16.04"
  HOME_URL="http://www.ubuntu.com/";
  SUPPORT_URL="http://help.ubuntu.com/";
  BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/";
  VERSION_CODENAME=xenial
  UBUNTU_CODENAME=xenial
  ```

  This release runs systemd229, we are affected by the following auto-
  mouting race condition

  ```
  https://github.com/systemd/systemd/pull/5916
  ```

  Is back porting  the fix to the release 229 an option?

  Regards.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649/+subscriptions