Mageia 2021-0304: systemd security update
Summary
A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).
References
- https://bugs.mageia.org/show_bug.cgi?id=27043
- https://access.redhat.com/errata/RHSA-2021:1611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776
Resolution
MGASA-2021-0304 - Updated systemd packages fix a security vulnerability
SRPMS
- 7/core/systemd-241-8.6.mga7