Mageia 2021-0304: systemd security update | LinuxSecurity.com

Advisories

MGASA-2021-0304 - Updated systemd packages fix a security vulnerability

Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0304.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13776

A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27043
- https://access.redhat.com/errata/RHSA-2021:1611
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776

SRPMS:
- 7/core/systemd-241-8.6.mga7

Mageia 2021-0304: systemd security update

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits

Summary

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges (CVE-2020-13776).

References

- https://bugs.mageia.org/show_bug.cgi?id=27043

- https://access.redhat.com/errata/RHSA-2021:1611

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776

Resolution

MGASA-2021-0304 - Updated systemd packages fix a security vulnerability

SRPMS

- 7/core/systemd-241-8.6.mga7

Severity
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0304.html
Type: security
CVE: CVE-2020-13776

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.