Debian alert DLA-4533-1 (systemd)
| From: | Arnaud Rebillout <arnaudr@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 4533-1] systemd security update |
| Date: | Wed, 15 Apr 2026 12:26:05 +0700 |
| Message-ID: | <e993c0c1b92a7bc45ccae03ef85a9e4a@debian.org> |
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4533-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Arnaud Rebillout
April 15, 2026                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : systemd
Version        : 247.3-7+deb11u8
CVE ID         : CVE-2026-4105 CVE-2026-29111 CVE-2026-40225 CVE-2026-40226
Debian Bug     :

The following vulnerabilities have been discovered in systemd:

CVE-2026-4105

    The systemd-machined service contains an Improper Access Control
    vulnerability due to insufficient validation of the class parameter
    in the RegisterMachine D-Bus (Desktop Bus) method. A local
    unprivileged user can exploit this by attempting to register a
    machine with a specific class value, which may leave behind a
    usable, attacker-controlled machine object. This allows the attacker
    to invoke methods on the privileged object, leading to the execution
    of arbitrary commands with root privileges on the host system.

CVE-2026-29111

    When an unprivileged IPC API call is made with spurious data, a
    stack overwrite occurs, with attacker-controlled content.

CVE-2026-40225

    udev: local root execution can occur via malicious hardware devices
    and unsanitized kernel output.

CVE-2026-40226

    nspawn: an escape-to-host action can occur via a crafted optional
    config file.

For Debian 11 bullseye, these problems have been fixed in version
247.3-7+deb11u8.

We recommend that you upgrade your systemd packages.
For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
