Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu 18.04 LTS: USN-3895-1 Important: Vulnerability in GnuTLS

ubuntu
Calendar Grey November 19, 2018
Dist Ubuntu Esm H88
Explore the November 2018 Ubuntu security patch that mitigates systemd flaws potentially enabling admin privileges.
systemd-tmpfiles could be made to change ownership of arbitrary files.

Summary

systemd-tmpfiles could be made to change ownership of arbitrary files.

Software Description:

- systemd: system and service manager

Details:

USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for

CVE-2018-6954 was not sufficient. This update provides the remaining fixes.

We apologize for the inconvenience.

Original advisory details:

 Jann Horn discovered that unit_deserialize incorrectly handled status

messages

 above a certain length. A local attacker could potentially exploit this via

 NotifyAccess to inject arbitrary state across re-execution and obtain root

 privileges. (CVE-2018-15686)

 

 Jann Horn discovered a race condition in chown_one(). A local attacker

 could potentially exploit this by setting arbitrary permissions on certain

 files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS

 and Ubuntu 18.10. (CVE-2018-15687)

 

 It was discovered that systemd-tmpfiles mishandled symlinks in

 non-te...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  systemd                         239-7ubuntu10.4

Ubuntu 18.04 LTS:
  systemd                         237-3ubuntu10.9

Ubuntu 16.04 LTS:
  systemd                         229-4ubuntu21.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3816-2

  https://ubuntu.com/security/notices/USN-3816-1

  CVE-2018-6954

Severity
important
Lowest
Low
Medium
High
Critical

November 19, 2018

Package Information

  https://launchpad.net/ubuntu/+source/systemd/239-7ubuntu10.4
  https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.9
  https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.9

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.