Mageia alert MGASA-2021-0304 (systemd)

From:
               Mageia Updates <buildsystem-daemon@mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2021-0304: Updated systemd packages fix a security vulnerability
Date:
               Thu, 01 Jul 2021 01:59:52 +0200
Message-ID:
               <20210630235952.6797DA00B5@duvel.mageia.org>
Archive-link:
               Article
MGASA-2021-0304 - Updated systemd packages fix a security vulnerability

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0304.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13776

Description:
A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27043
- https://access.redhat.com/errata/RHSA-2021:1611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1...

SRPMS:
- 7/core/systemd-241-8.6.mga7

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2021-0304: Updated systemd packages fix a security vulnerability
Date:		Thu, 01 Jul 2021 01:59:52 +0200
Message-ID:		<20210630235952.6797DA00B5@duvel.mageia.org>
Archive-link:		Article