[Debian] Medium CVE: CVE-2022-3821/CVE-2022-4415: systemd: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Li Zhou |
Bug Description
CVE-2022-3821: https:/
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
CVE-2022-4415: https:/
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Base Score: Medium
Reference:
https:/
https:/
A source package in integ repository
systemd_
information type: | Public → Public Security |
Changed in starlingx: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
Fixed by: https:/ /review. opendev. org/c/starlingx /integ/ +/887349 which merged on July 11