SUSE: 2023:963-1 Important Security Update For Systemd Container
suse
April 6, 2023
The container suse/sles12sp4 was updated
Summary
Advisory ID: SUSE-SU-2023:1776-1 Released: Wed Apr 5 15:20:19 2023 Summary: Security update for systemd Type: security Severity: important
Topics Covered
References
References : 1191502 1195529 1197244 1198507 1204423 1204968 1205000 1206985
1208958 CVE-2022-3821 CVE-2022-4415 CVE-2023-26604
1191502,1195529,1197244,1198507,1204423,1204968,1205000,1206985,1208958,CVE-2022-3821,CVE-2022-4415,CVE-2023-26604
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2023:963-1
Container Tags : suse/sles12sp4:26.584 , suse/sles12sp4:latest
Container Release : 26.584
Severity : important
Type : security
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!