Debian alert DLA-3063-1 (systemd)
| From: | Sylvain Beucler <beuc@beuc.net> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 3063-1] systemd security update | |
| Date: | Thu, 30 Jun 2022 16:41:03 +0200 | |
| Message-ID: | <20220630144100.GA31173@mail.beuc.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3063-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Sylvain Beucler June 30, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : systemd Version : 232-25+deb9u14 CVE ID : CVE-2020-1712 Debian Bug : 950732 A heap use-after-free vulnerability was found in systemd, a system and service manager, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. For Debian 9 stretch, this problem has been fixed in version 232-25+deb9u14. We recommend that you upgrade your systemd packages. For the detailed security status of systemd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/systemd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmK9tW0ACgkQDTl9HeUl XjBGOQ/+IUSzlEFBjawWOlPFDwUKGUDvAe8hyXmPGqD8ygL5SY1tCNNeZHv1iKvA ZkLm/L96WCWO4P78odo/8H+613QTb6pDQ5kwH3VnuudZcJhgH2/WDZsTLfqmHbGx auSCkjdPnJsrijNnQQSziuQZBWl/tqRugDP3SzLHSKgIPPQFkVY0Q0CAMdxE/eu9 X3NpwpDWfeN8IVyuRl4Me0cg9x7pxkXUSAeQKusC4Qf8Y+TEQdRYHpV4uz8W+lvZ TPCN+qZYRqA8eHfVwoHQZxBwKad6Q01/9z1IITCtjlqxvpzfkc9STzK3L8AtnpDw PfkAKMALwIiVryH7H8zUpS/28NDSTCtFDDGHyldo9HyCFc5/xrc3gGFBDD9lPQUd /ecgEB3tduTbsNiyJIzH2j4tj/dE2LzQY71rryfdyyV4XtsUc21dFAbu1f8zq5Mv dKe8v7/fpfVSL8PJGJMjb/3hpdOHoxk+JTwh6eTEyhsm/Y5i/x/w6NdF1YkdTBaM GN8cJnjrD617pJR5R/lHJNfQ81KF1bPBuZE78U2Ym/u+ortF/U5kZPrAOtshWQKJ 7FqNdx3NAbfMjkHYgmnvhQgRz2G59XX9V5EjfOXQFwuzzzQt5zK0umVDLpuTnl6K RNDcy1hNiaGVr05lK9onbd7DHo5qqh9Xa/A7cZfKIFgUOIutKJ4= =Lrgr -----END PGP SIGNATURE-----