Mageia 2019-0330: systemd security update

    Date19 Nov 2019
    CategoryMageia
    114
    Posted ByLinuxSecurity Advisories
    Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be
    MGASA-2019-0330 - Updated systemd packages fix security vulnerability
    
    Publication date: 19 Nov 2019
    URL: https://advisories.mageia.org/MGASA-2019-0330.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-15718
    
    Updated systemd packages fix security vulnerability:
    
    Nadav Markus from Palo Alto Networks discovered that systemd-resolved
    does not enforce appropriate access controls on its D-Bus interface and
    allows unprivileged users to execute methods that are meant to be
    available only to privileged users. This can be exploited by local users
    to modify the system's DNS resolver settings (CVE-2019-15718).
    
    This update also adds various upstream fixes for networkd, resolved,
    updates the manpages, fixing some logging messages and adds some missing
    checks that can potentially be used to cause crashes or malfunction.
    
    The syscall filter list has been updated to properly support newer glibc
    and kernel features with seccomp and nspawn.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=25404
    - https://www.openwall.com/lists/oss-security/2019/09/03/1
    - https://access.redhat.com/errata/RHSA-2019:3592
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718
    
    SRPMS:
    - 7/core/systemd-241-8.4.mga7
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.