MGASA-2021-0304 - Updated systemd packages fix a security vulnerability Publication date: 30 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0304.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-13776 A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges (CVE-2020-13776). References: - https://bugs.mageia.org/show_bug.cgi?id=27043 - https://access.redhat.com/errata/RHSA-2021:1611 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776 SRPMS: - 7/core/systemd-241-8.6.mga7
Mageia 2021-0304: systemd security update
A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits
Summary
A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).
References
- https://bugs.mageia.org/show_bug.cgi?id=27043
- https://access.redhat.com/errata/RHSA-2021:1611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776
Resolution
MGASA-2021-0304 - Updated systemd packages fix a security vulnerability
SRPMS
- 7/core/systemd-241-8.6.mga7
Severity
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0304.html
Type: security
CVE: CVE-2020-13776
News
HOWTOs
Features
About Us
Powered By
