Various systemd vulnerabilities
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Various systemd vulnerabilities
The bloated code base of systemd hides many potential vulnerabilities; some new ones have just been uncovered:
https://security-tracker.debian.org/tra ... 2018-16864
https://security-tracker.debian.org/tra ... 2018-16865
https://security-tracker.debian.org/tra ... 2018-16866
Hopefully they'll be fixed soon.
deadbang
Re: Various systemd vulnerabilities
doesn't ipleak.net say it all? ( icon for groooan here)
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.
Re: Various systemd vulnerabilities
Well thanks for the heads-up, my first reaction was check the backport ver, but it's 239 and the problems have been fixed in ver 240 FWICT?
Even if we get these fixed, I'm thinking yeah maybe tip of the iceberg. Hard to find the bugs, hard to implement the fixes. Some of these go way back.
I didn't spend any time at all trying to understand what the bugs are or how serious or anything... why bother? nothing to do about it anyway.
resigned by AI ChatGPT
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Various systemd vulnerabilities
Before we all get carried away, please note that the vulnerabilities are local in nature unless systemd-journal-remote is enabled, which is unlikely.
deadbang
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Various systemd vulnerabilities
Chill your horses, the vulns are fixed:
https://lists.debian.org/debian-securit ... 00005.html
And we are all alive.
- sunrat
- Administrator
- Posts: 6412
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 116 times
- Been thanked: 462 times
Re: Various systemd vulnerabilities
Wheelerof4te wrote:Chill your horses, the vulns are fixed:
https://lists.debian.org/debian-securit ... 00005.html
And we are all alive.
Thank $(deity)! I dread the day systemd causes the end of the human race as seemingly predicted by some correspondents. We all thought it would be climate change, pollution, or global nuclear war.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Re: Various systemd vulnerabilities
That's great. Thanks for keeping people aware of the work being done.
https://bugs.debian.org/cgi-bin/pkgrepo ... t=unstable
https://github.com/systemd/systemd/issues
resigned by AI ChatGPT
-
- Posts: 1394
- Joined: 2007-03-04 21:10
- Location: U.S.A. - WI.
Re: Various systemd vulnerabilities
Head_on_a_Stick wrote:Before we all get carried away, please note that the vulnerabilities are local in nature unless systemd-journal-remote is enabled, which is unlikely.
Thank the gods and goddesses, I mean it's not like most of these machines are connected to the internet and every single exploit to shell as a user has been patched on these multiuser machines! Wait, you mean there are other bugs that allow a remote attacker to get a local shell?
Oh wait. Any vulnerability in some random piece of software that lets a remote attacker get a limited shell on a system is *drum roll* all of a sudden a local presence. And now able to gain root with these exploits. Way to understand what's going on here.
Here's hoping the bugfixes don't insert new bugs, but I won't hold my breath.
fortune -o
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Various systemd vulnerabilities
pendrachken wrote:Way to understand what's going on here
Just for the record: I don't understand the vulnerabilities at all, nor have I claimed to. I was just letting people know about them.
Btw you have some spittle on your chin, perhaps wipe it off?
deadbang
Re: Various systemd vulnerabilities
sunrat wrote:
Wheelerof4te wrote:Chill your horses, the vulns are fixed:
https://lists.debian.org/debian-securit ... 00005.html
And we are all alive.
Thank $(deity)! I dread the day systemd causes the end of the human race as seemingly predicted by some correspondents. We all thought it would be climate change, pollution, or global nuclear war.
every little bit helps of course the (generally accepted) global business model don't leave much room for anything that doesn't add $$ to the cook books
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.
-
- Posts: 1394
- Joined: 2007-03-04 21:10
- Location: U.S.A. - WI.
Re: Various systemd vulnerabilities
Head_on_a_Stick wrote:
pendrachken wrote:Way to understand what's going on here
Just for the record: I don't understand the vulnerabilities at all, nor have I claimed to. I was just letting people know about them.
Btw you have some spittle on your chin, perhaps wipe it off?
Well then you are contributing to the problem. If you "don't understand" what's going on don't say "everything's fine, nothing to worry about". Especially when there actually ARE issues that should worry anyone who looks at the actual vulnerabilities for more than half a second.
fortune -o
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Various systemd vulnerabilities
pendrachken wrote:don't say "everything's fine, nothing to worry about"
And where did I say that?
I linked to the actual bug reports in the OP, the post which attracted your ire was an attempt to stop the tin-foil hat wearing conspiracy theorist nutcases from hi-jacking the thread.
Also, what problem, exactly? Have you run out of tin-foil?
deadbang
-
- Posts: 1394
- Joined: 2007-03-04 21:10
- Location: U.S.A. - WI.
Re: Various systemd vulnerabilities
Are you intentionally being obtuse?
Let's see, you said:
[quote]
Before we all get carried away, please note that the vulnerabilities are LOCAL in nature unless systemd-journal-remote is enabled, which is unlikely.
[/quote]
Emphasis added. You completely ignore that it is a local SHELL that can be elevated.
Yeah, I'm almost out of tin foil because I know that there are still tons of vulnerabilities in systems that can lead to a local shell escape. Silly me for thinking logically that an attacker on my systems would not stop at a single exploit
fortune -o
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Various systemd vulnerabilities
pendrachken wrote:You completely ignore that it is a local SHELL that can be elevated
Did I question your assertion?
My statement was taken from the Debian bug reports, perhaps go whine at them instead?
Please refrain from further off-topic posting else the thread will be locked.
deadbang
-
- Posts: 1394
- Joined: 2007-03-04 21:10
- Location: U.S.A. - WI.
Re: Various systemd vulnerabilities
Go ahead and lock it, see if I care.
Correcting misinformation is not offtopic. It is extremely ON topic. I'll call out B.S. when I see it, golinux might miss dasein, but I will always channel my inner RickH.
fortune -o
Your love life will be... interesting.
How did it know?
The U.S. uses the metric system too, we have tenths, hundredths and thousandths of inches
Re: Various systemd vulnerabilities
pendrachken wrote:Go ahead and lock it, see if I care.
Correcting misinformation is not offtopic. It is extremely ON topic. I'll call out B.S. when I see it, golinux might miss dasein, but I will always channel my inner RickH.
It nearly seems bald-faced to mention someone like dasein in the same sentence as rickh.
But sure, good point.