[Nottingham] CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message

Jason jasonirwin73 at gmail.com
Mon Feb 18 21:59:32 UTC 2019


You were right, I was thinking of CVE-2019-5736 - https://seclists.org/oss-sec/2019/q1/119


On February 18, 2019 8:58:49 PM UTC, VM <vadim at mankevich.co.uk> wrote:
>This has been patched by RedHat. In Debian an updated version
>232-25+deb9u9 should be available. I think it's different to what
>you're referring to, Jason.
>
>On 18 February 2019 18:14:09 GMT, Jason via Nottingham
><nottingham at mailman.lug.org.uk> wrote:
>>Is that the one which is already patched and requires you to launch a
>>tainted image?
>>
>>On February 18, 2019 5:44:37 PM UTC, VM via Nottingham
>><nottingham at mailman.lug.org.uk> wrote:
>>>https://seclists.org/oss-sec/2019/q1/140
>>>So Martin's criticism of systemd now has actual grounds.
>>>--
>>>vadim at mankevich.co.uk PGP key fingerprint
>>>0xC046022A3A91455AF0C9BB2404BF882B1905C772
>>>Retrieve from https://keybase.io/vmankevich
>>>
>>>"When we take away the right to figure out if something bad is going
>>on
>>>in our computers, the inevitable consequence is that bad things will
>>>happen in our computers." (Cory Doctorow)
>>
>>-- 
>>Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20190218/be619193/attachment-0001.html>


More information about the Nottingham mailing list