aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXi Ruoyao <xry111@xry111.site>2023-12-31 02:04:21 +0800
committerXi Ruoyao <xry111@xry111.site>2023-12-31 02:35:25 +0800
commit8b4fb1245dcde0370bb84c2653e3e9bb01cbae87 (patch)
tree2b833cb569b364d6b966f7519d08c8be733247b0
parentd4ce302c0e94aa2aea766eb14f78c965b823360c (diff)
systemd: Fix CVE-2023-7008 (#5405)
-rw-r--r--chapter01/changelog.xml4
-rw-r--r--chapter08/systemd.xml7
2 files changed, 11 insertions, 0 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index fef105ece..756e9d5fc 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -44,6 +44,10 @@
<para>2023-12-31</para>
<itemizedlist>
<listitem>
+ <para>[xry111] - Fix CVE-2023-7008 for systemd-255. Fixes
+ <ulink url='&lfs-ticket-root;5405'>#5405</ulink>.</para>
+ </listitem>
+ <listitem>
<para>[xry111] - Update to iana-etc-20231205. Addresses
<ulink url='&lfs-ticket-root;5006'>#5006</ulink>.</para>
</listitem>
diff --git a/chapter08/systemd.xml b/chapter08/systemd.xml
index 58ede8508..de5a668d1 100644
--- a/chapter08/systemd.xml
+++ b/chapter08/systemd.xml
@@ -48,6 +48,13 @@
<screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
-e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
+ <!-- https://github.com/systemd/systemd/pull/30549 -->
+ <para>Now fix a security vulnerability in the DNSSEC verification of
+ <command>systemd-resolved</command>:</para>
+
+<screen><userinput remap='pre'>sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \
+ -i src/resolve/resolved-dns-transaction.c</userinput></screen>
+
<para>Prepare systemd for compilation:</para>
<screen><userinput remap="configure">mkdir -p build