MGASA-2021-0304 - Updated systemd packages fix a security vulnerability

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0304.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13776

A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27043
- https://access.redhat.com/errata/RHSA-2021:1611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776

SRPMS:
- 7/core/systemd-241-8.6.mga7