Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Red Hat 8: RHSA-2021:1611-01 Moderate Systemd Update Summary

red hat
Calendar Grey May 18, 2021
Dist Redhat Esm H88
This announcement delivers a significant security enhancement for systemd, addressing essential user accessibility vulnerabilities on Fedora Linux.
An update for systemd is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
* systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
* systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat bug fix moderate threat red hat enterprise linux Linux package moderate security impact systemd systemd update service manager systemd bug

References

https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Package List

Red Hat Enterprise Linux BaseOS (v. 8):
Source: systemd-239-45.el8.src.rpm
aarch64: systemd-239-45.el8.aarch64.rpm systemd-container-239-45.el8.aarch64.rpm systemd-container-debuginfo-239-45.el8.aarch64.rpm systemd-debuginfo-239-45.el8.aarch64.rpm systemd-debugsource-239-45.el8.aarch64.rpm systemd-devel-239-45.el8.aarch64.rpm systemd-journal-remote-239-45.el8.aarch64.rpm systemd-journal-remote-debuginfo-239-45.el8.aarch64.rpm systemd-libs-239-45.el8.aarch64.rpm systemd-libs-debuginfo-239-45.el8.aarch64.rpm systemd-pam-239-45.el8.aarch64.rpm systemd-pam-debuginfo-239-45.el8.aarch64.rpm systemd-tests-239-45.el8.aarch64.rpm systemd-tests-debuginfo-239-45.el8.aarch64.rpm systemd-udev-239-45.el8.aarch64.rpm systemd-udev-debuginfo-239-45.el8.aarch64.rpm
ppc64le: systemd-239-45.el8.ppc64le.rpm systemd-container-239-45.el8.ppc64le.rpm systemd-container-debuginfo-239-45.el8.ppc64le.rpm systemd-debuginfo-239-45.el8.ppc64le.rpm systemd-debugsource-239-45.el8.ppc64le.rpm systemd-devel-239-45.el8.ppc64le.rpm systemd-journal-remote-239-45.el8.ppc64le.rpm systemd-journal-remote-debuginfo-239-45.el8.ppc64le.rpm systemd-libs-239-45.el8.ppc64le.rpm systemd-libs-debuginfo-239-45.el8.ppc64le.rpm systemd-pam-239-45.el8.ppc64le.rpm systemd-pam-debuginfo-239-45.el8.ppc64le.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:1611-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1611
Issue date: 2021-05-18

Topic

An update for systemd is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat bug fix moderate threat red hat enterprise linux Linux package moderate security impact systemd systemd update service manager systemd bug

Relevant Releases Architectures

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1668521 - CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"

1740657 - [RFE] NUMA aware CPU affinity setting in systemd unit files

1755287 - localectl set-locale should issue an error message when trying to set a nonexistent locale

1764282 - systemd[XXXXX]: Failed to connect to API bus: Connection refused

1812972 - backport request: allow instantiated units to be enabled via presets

1819868 - systemd excessively reads mountinfo and udev is dense OpenShift environments

1845534 - CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits

1862714 - LIBSYSTEMD_VERSION value format change crashes systemd-python pip install

1865840 - systemd-tmpfiles request for backport

1868831 - FreezerState is incorrectly updated on system running cgroup v1

1868877 - Enabling the smack feature on the host may cause the container to fail to start

1870638 - RFE: Add an option to Socket units to clear the data before listening again

1871139 - [systemd] systemd-resolved.service:33: Unknown lvalue 'ProtectSystems' in section 'Service'

1880270 - "Failed to start user service, ignoring" when masking user@.service

1885553 - "systemd --user" can dump core upon session closing

1887181 - Backport PassPacketInfo= support into systemd of RHEL 8

1888912 - SELinux policy change not visible to systemd until daemon-reexec

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here