Red Hat 7.6: RHSA-2019-3222-01 Moderate: Systemd Security Fix
red hat
October 29, 2019
An update for systemd is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Mo...
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
* systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)
* systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Layered slices are left in a "dead" state if slices are stopped that have child slices underneath (BZ#1729227)
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2018-15686 https://access.redhat.com/security/cve/CVE-2018-16866 https://access.redhat.com/security/updates/classification#moderate
Package List
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source: systemd-219-62.el7_6.11.src.rpm
x86_64: libgudev1-219-62.el7_6.11.i686.rpm libgudev1-219-62.el7_6.11.x86_64.rpm systemd-219-62.el7_6.11.x86_64.rpm systemd-debuginfo-219-62.el7_6.11.i686.rpm systemd-debuginfo-219-62.el7_6.11.x86_64.rpm systemd-libs-219-62.el7_6.11.i686.rpm systemd-libs-219-62.el7_6.11.x86_64.rpm systemd-python-219-62.el7_6.11.x86_64.rpm systemd-sysv-219-62.el7_6.11.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64: libgudev1-devel-219-62.el7_6.11.i686.rpm libgudev1-devel-219-62.el7_6.11.x86_64.rpm systemd-debuginfo-219-62.el7_6.11.i686.rpm systemd-debuginfo-219-62.el7_6.11.x86_64.rpm systemd-devel-219-62.el7_6.11.i686.rpm systemd-devel-219-62.el7_6.11.x86_64.rpm systemd-journal-gateway-219-62.el7_6.11.x86_64.rpm systemd-networkd-219-62.el7_6.11.x86_64.rpm systemd-resolved-219-62.el7_6.11.i686.rpm systemd-resolved-219-62.el7_6.11.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: systemd-219-62.el7_6.11.src.rpm
ppc64: libgudev1-219-62.el7_6.11.ppc.rpm libgudev1-219-62.el7_6.11.ppc64.rpm libgudev1-devel-219-62.el7_6.11.ppc.rpm libgudev1-devel-219-62.el7_6.11.ppc64.rpm systemd-219-62.el7_6.11.ppc64.rpm
Read the Full Advisory
PREVIOUS 
NEXT Advisory ID: RHSA-2019:3222-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3222
Issue date: 2019-10-29
Topic
An update for systemd is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Bugs Fixed
1639071 - CVE-2018-15686 systemd: line splitting via fgets() allows for state injection during daemon-reexec
1653867 - CVE-2018-16866 systemd: out-of-bounds read when parsing a crafted syslog message
1729227 - Layered slices are left in a "dead" state if slices are stopped that have child slices underneath [rhel-7.6.z]
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!