Mageia 7: MGASA-2019-0330 Moderate: Systemd Access Control Flaw
mageia
November 19, 2019
Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bu...
Summary
Updated systemd packages fix security vulnerability:
Nadav Markus from Palo Alto Networks discovered that systemd-resolved
does not enforce appropriate access controls on its D-Bus interface and
allows unprivileged users to execute methods that are meant to be
available only to privileged users. This can be exploited by local usersto modify the system's DNS resolver settings (CVE-2019-15718).
This update also adds various upstream fixes for networkd, resolved,
updates the manpages, fixing some logging messages and adds some missing
checks that can potentially be used to cause crashes or malfunction.
The syscall filter list has been updated to properly support newer glibc
and kernel features with seccomp and nspawn.
References
- https://bugs.mageia.org/show_bug.cgi?id=25404
- https://www.openwall.com/lists/oss-security/2019/09/03/1
- https://access.redhat.com/errata/RHSA-2019:3592
- https://www.cve.org/CVERecord?id=CVE-2019-15718
Topics Covered
Resolution
SRPMS
- 7/core/systemd-241-8.4.mga7
PREVIOUS
NEXT
Publication date: 19 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0330.html
Type: security
CVE: CVE-2019-15718
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!