Ubuntu 3816-2: systemd vulnerability

    Date19 Nov 2018
    Posted ByAnthony Pell
    systemd-tmpfiles could be made to change ownership of arbitrary files.
    Ubuntu Security Notice USN-3816-2
    November 19, 2018
    systemd vulnerability
    A security issue affects these releases of Ubuntu and its derivatives:
    - Ubuntu 18.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    systemd-tmpfiles could be made to change ownership of arbitrary files.
    Software Description:
    - systemd: system and service manager
    USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for
    CVE-2018-6954 was not sufficient. This update provides the remaining fixes.
    We apologize for the inconvenience.
    Original advisory details:
     Jann Horn discovered that unit_deserialize incorrectly handled status
     above a certain length. A local attacker could potentially exploit this via
     NotifyAccess to inject arbitrary state across re-execution and obtain root
     privileges. (CVE-2018-15686)
     Jann Horn discovered a race condition in chown_one(). A local attacker
     could potentially exploit this by setting arbitrary permissions on certain
     files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS
     and Ubuntu 18.10. (CVE-2018-15687)
     It was discovered that systemd-tmpfiles mishandled symlinks in
     non-terminal path components. A local attacker could potentially exploit
     this by gaining ownership of certain files to obtain root privileges. This
     issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-6954)
    Update instructions:
    The problem can be corrected by updating your system to the following
    package versions:
    Ubuntu 18.10:
      systemd                         239-7ubuntu10.4
    Ubuntu 18.04 LTS:
      systemd                         237-3ubuntu10.9
    Ubuntu 16.04 LTS:
      systemd                         229-4ubuntu21.9
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    Package Information:
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.