Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Debian: DSA-4428-1 Critical: systemd PolicyKit Privilege Escalation

debian
Calendar Grey April 8, 2019
Debian Logo
The advisory DSA-4428-1 highlights a significant PolicyKit vulnerability in systemd on Debian, enabling privilege escalation. Users should promptly apply updates to safeguard system integrity
Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit

Summary

For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u11.

This update includes updates previously scheduled to be released in the
stretch 9.9 point release.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: systemd
CVE ID: CVE-2019-3842

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.