[systemd-devel] Looking for known memory leaks triggered by stress testing add/remove/up/down interfaces
Robert P. J. Day
rpjday at crashcourse.ca
Fri Feb 19 10:43:11 UTC 2021
On Fri, 19 Feb 2021, Reindl Harald wrote:
>
>
> Am 19.02.21 um 11:28 schrieb Robert P. J. Day:
> > I *may* have found the problem ... as one can read here:
> >
> > https://access.redhat.com/solutions/3840481
> >
> > "CVE-2019-3815 systemd: memory leak in journald-server.c introduced by
> > fix for CVE-2018-16864"
> >
> > So as I interpret that, a memory leak introduced by that earlier CVE
> > had to be corrected by that later CVE. I checked the state of
> > systemd_230 as shipped by WRL9, and it comes with an extensive set of
> > patches, which includes the earlier CVE, but *not* the later one.
> >
> > Hmmmmmmm ...
>
> that one should have been fixed long ago
> https://bugzilla.redhat.com/show_bug.cgi?id=1665931
yes, that fix is from a while ago, but the issue here is that it
wasn't incorporated in the patch set for wind river linux 9, which is
a few years old, so it's not at all surprising that WRL9 is not
keeping up with current patches.
rday
More information about the systemd-devel
mailing list