Explore top 10 tips to secure your open-source projects now. Read More
×
This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476)
#1089761 #1090944 #1091677 #1093753 #1101040
#1102908 #1105031 #1107640 #1107941 #1109197
#1109252 #1110445 #1112024 #1113083 #1113632
#1113665 #1114135 #991901
Cross- CVE-2018-15686 CVE-2018-15688
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2018-15686.html
https://www.suse.com/security/cve/CVE-2018-15688.html
https://bugzilla.suse.com/1089761
https://bugzilla.suse.com/1090944
https://bugzilla.suse.com/1091677
https://bugzilla.suse.com/1093753
https://bugzilla.suse.com/1101040
https://bugzilla.suse.com/1102908
https://bugzilla.suse.com/1105031
https://bugzilla.suse.com/1107640
https://bugzilla.suse.com/1107941
Get the latest Linux and open source security news straight to your inbox.