CVE-2013-4391

Published: 28 October 2013

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

Priority

Status

Package	Release	Status
systemd Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Not vulnerable (198-0ubuntu11.2)
	upstream	Needs triage
	Patches: upstream: http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e

References

https://www.cve.org/CVERecord?id=CVE-2013-4391
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=859051
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›