diff -Nru systemd-237/debian/changelog systemd-237/debian/changelog
--- systemd-237/debian/changelog	2018-07-20 17:13:58.000000000 +0000
+++ systemd-237/debian/changelog	2018-10-31 15:38:31.000000000 +0000
@@ -1,3 +1,12 @@
+systemd (237-3ubuntu10.4) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: buffer overflow in dhcp6 client
+    - debian/patches/CVE-2018-15688.patch:  make sure we have enough space
+      for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
+    - CVE-2018-15688
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 31 Oct 2018 11:38:31 -0400
+
 systemd (237-3ubuntu10.3) bionic; urgency=medium
 
   * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin
diff -Nru systemd-237/debian/patches/CVE-2018-15688.patch systemd-237/debian/patches/CVE-2018-15688.patch
--- systemd-237/debian/patches/CVE-2018-15688.patch	1970-01-01 00:00:00.000000000 +0000
+++ systemd-237/debian/patches/CVE-2018-15688.patch	2018-10-31 15:38:29.000000000 +0000
@@ -0,0 +1,29 @@
+From 4dac5eaba4e419b29c97da38a8b1f82336c2c892 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Oct 2018 12:12:33 +0200
+Subject: [PATCH 4/5] dhcp6: make sure we have enough space for the DHCP6
+ option header
+
+Fixes a vulnerability originally discovered by Felix Wilhelm from
+Google.
+
+CVE-2018-15688
+LP: #1795921
+https://bugzilla.redhat.com/show_bug.cgi?id=1639067
+---
+ src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: systemd-237/src/libsystemd-network/dhcp6-option.c
+===================================================================
+--- systemd-237.orig/src/libsystemd-network/dhcp6-option.c	2018-10-31 11:38:26.996004319 -0400
++++ systemd-237/src/libsystemd-network/dhcp6-option.c	2018-10-31 11:38:26.988004293 -0400
+@@ -118,7 +118,7 @@ int dhcp6_option_append_ia(uint8_t **buf
+                 return -EINVAL;
+         }
+ 
+-        if (*buflen < len)
++        if (*buflen < offsetof(DHCP6Option, data) + len)
+                 return -ENOBUFS;
+ 
+         ia_hdr = *buf;
diff -Nru systemd-237/debian/patches/series systemd-237/debian/patches/series
--- systemd-237/debian/patches/series	2018-06-22 12:55:09.000000000 +0000
+++ systemd-237/debian/patches/series	2018-10-31 15:38:25.000000000 +0000
@@ -80,3 +80,4 @@
 debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
 debian/UBUNTU-introduce-TAKE_PTR-macro.patch
 debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch
+CVE-2018-15688.patch