Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 16.04 LTS USN-3816-3: Systemd Regression Security Advisory

ubuntu
Calendar Grey November 27, 2018
Dist Ubuntu Esm H88
Recent Ubuntu notice points out a straightforward regression in systemd. It's recommended to update your system as suggested to ensure peak performance.
USN-3816-1 caused a regression in systemd-tmpfiles.

Summary

USN-3816-1 caused a regression in systemd-tmpfiles.

Software Description:

- systemd: system and service manager

Details:

USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954

caused a regression in systemd-tmpfiles when running Ubuntu inside a

container on some older kernels. This issue only affected Ubuntu 16.04

LTS. In order to continue to support this configuration, the fixes for

CVE-2018-6954 have been reverted.

We apologize for the inconvenience.

Original advisory details:

 Jann Horn discovered that unit_deserialize incorrectly handled status

messages

 above a certain length. A local attacker could potentially exploit this via

 NotifyAccess to inject arbitrary state across re-execution and obtain root

 privileges. (CVE-2018-15686)

 

 Jann Horn discovered a race condition in chown_one(). A local attacker

 could potentially exploit this by setting arbitrary permissions on certain

 files to obtain root privileges. This issu...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  systemd                         229-4ubuntu21.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

 

  https://ubuntu.com/security/notices/USN-3816-1

  https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804847

November 27, 2018

Package Information

  https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here