Bugzilla – Bug 1113632
VUL-0: CVE-2018-15688: systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
Last modified: 2019-11-15 07:54:40 UTC
I couldn't find her a bug report in which this is fixed. Here is the info about CVE-2018-15688: https://security-tracker.debian.org/tracker/CVE-2018-15688 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688 https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discovered
Thanks for bringing this to our attention. Our tracking has picked it up in the mean time. The GitHub issue dealing with this is: https://github.com/systemd/systemd/pull/10518
Affected codestreams: SUSE:SLE-12-SP2:Update SUSE:SLE-15:Update Not affected: SUSE:SLE-12:Update The affected code was introduced upstream with f12ed3bf0b315fc88d5fbdf5bdca14b218c86e0c, which first appeared in v215.
Fix bacported to all supported distros. Hence re-assigning to the secteam.
SUSE-SU-2018:3644-1: An update that solves two vulnerabilities and has 16 fixes is now available. Category: security (important) Bug References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901 CVE References: CVE-2018-15686,CVE-2018-15688 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): systemd-234-24.15.1, systemd-mini-234-24.15.1 SUSE Linux Enterprise Module for Basesystem 15 (src): systemd-234-24.15.1
openSUSE-SU-2018:3695-1: An update that solves two vulnerabilities and has 16 fixes is now available. Category: security (important) Bug References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901 CVE References: CVE-2018-15686,CVE-2018-15688 Sources used: openSUSE Leap 15.0 (src): systemd-234-lp150.20.9.1, systemd-mini-234-lp150.20.9.1
SUSE-SU-2018:3767-1: An update that solves two vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665 CVE References: CVE-2018-15686,CVE-2018-15688 Sources used: SUSE OpenStack Cloud 7 (src): systemd-228-150.53.3 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): systemd-228-150.53.3 SUSE Linux Enterprise Server for SAP 12-SP2 (src): systemd-228-150.53.3 SUSE Linux Enterprise Server 12-SP3 (src): systemd-228-150.53.3 SUSE Linux Enterprise Server 12-SP2-LTSS (src): systemd-228-150.53.3 SUSE Linux Enterprise Server 12-SP2-BCL (src): systemd-228-150.53.3 SUSE Linux Enterprise Desktop 12-SP3 (src): systemd-228-150.53.3 SUSE Enterprise Storage 4 (src): systemd-228-150.53.3 SUSE CaaS Platform ALL (src): systemd-228-150.53.3 SUSE CaaS Platform 3.0 (src): systemd-228-150.53.3 OpenStack Cloud Magnum Orchestration 7 (src): systemd-228-150.53.3
openSUSE-SU-2018:3803-1: An update that solves two vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665 CVE References: CVE-2018-15686,CVE-2018-15688 Sources used: openSUSE Leap 42.3 (src): systemd-228-62.1, systemd-mini-228-62.1
SUSE-SU-2018:3767-2: An update that solves two vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665 CVE References: CVE-2018-15686,CVE-2018-15688 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): systemd-228-150.53.3 SUSE Linux Enterprise Server 12-SP4 (src): systemd-228-150.53.3 SUSE Linux Enterprise Desktop 12-SP4 (src): systemd-228-150.53.3
released