Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 734
Alerts This Week
Warning Icon 1 734

SUSE: 2018:3767-2 Important: Systemd Buffer Overflow And Escalation Fixes

suse
Calendar Grey December 10, 2018
Dist Suse Esm H88
SUSE security update tackles significant issues with OpenSSL. A couple of vulnerabilities patched with crucial updates provided by SUSE.
An update that solves two vulnerabilities and has 7 fixes is now available

Summary

This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476)

References

#1106923 #1108835 #1109252 #1110445 #1111278

#1112024 #1113083 #1113632 #1113665

Cross- CVE-2018-15686 CVE-2018-15688

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-15686.html

https://www.suse.com/security/cve/CVE-2018-15688.html

https://bugzilla.suse.com/1106923

https://bugzilla.suse.com/1108835

https://bugzilla.suse.com/1109252

https://bugzilla.suse.com/1110445

https://bugzilla.suse.com/1111278

https://bugzilla.suse.com/1112024

https://bugzilla.suse.com/1113083

https://bugzilla.suse.com/1113632

https://bugzilla.suse.com/1113665

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3767-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.