http://bugzilla.suse.com/show_bug.cgi?id=956712 http://bugzilla.suse.com/show_bug.cgi?id=956712#c1 Thomas Blume changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |thomas.blume@suse.com --- Comment #1 from Thomas Blume --- (In reply to Alexander Bergmann from comment #0)

Only Factory is affected:

rh#1284642

A stack-based buffer overflow vulnerability was found in getpwnam()/getgrnam() functions of NSS module nss-mymachines provided by systemd.

This report is invalid for Leap since it runs systemd v210, which doesn't contain this module. The nss-mymachines module was added in systemd v216: -->-- CHANGES WITH 216: [...] * A new NSS module nss-mymachines has been added, that automatically resolves the names of all local registered containers to their respective IP addresses. --<-- So, it is valid for tumbleweed/factory. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=956712 http://bugzilla.suse.com/show_bug.cgi?id=956712#c3 --- Comment #3 from Thomas Blume --- Created attachment 657850 --> http://bugzilla.suse.com/attachment.cgi?id=657850&action=edit test output Test on current factory: kvm129:/tmp/screenlog> cat /etc/SuSE-release openSUSE 20151123 (x86_64) VERSION = 20151123 CODENAME = Tumbleweed Result: not affected -- You are receiving this mail because: You are on the CC list for the bug.