jsbjsb001 |
10-27-2018 09:34 PM |
I'm not sure how it's much if any different to say the kernel having some kind of bug that allows code execution, etc. It should also be noted that even in the first link supplied, it links a Red Hat bug report for this bug. Which says it was reported on the 2018-10-14, and was updated yesterday.
From the first link in post #1;
Quote:
Systemd creator Leonard Poettering has already published a security fix for the vulnerable component – this should be weaving its way into distros as we type.
|
While CentOS does use IPv6 by default (you can disable it AFAIK), the "networkd" systemd service is not installed from what yum tells me, and systemctl can't find any service by that name either. Therefore from what I can see, it's only the "networkd" systemd service, and IPv6 that's affected by this bug at this point. In which case systemd itself isn't affected by this, at this point, and on what I currently know.
Don't get me wrong; systemd to me is just another init system, I'm no hater or fan of it, but this thread does feel like something to the effect of "hahaha systemd has a serious security flaw". I don't think it's helpful to spread the idea that 1 security bug with 1 particular systemd service means that systemd itself must be full of bugs. Any piece software can have bugs in it and every piece of software at some point in time, has had bugs in it.
|