
Ubuntu 20.04: USN-4269-1 Critical: Systemd Local Attacks

February 5, 2020

Summary

Several security issues were fixed in systemd.

Software Description:

- systemd: system and service manager

Details:

It was discovered that systemd incorrectly handled certain PIDFile files.
A local attacker could possibly use this issue to trick systemd into
killing privileged processes. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-16888)

It was discovered that systemd incorrectly handled certain udevadm trigger
commands. A local attacker could possibly use this issue to cause systemd
to consume resources, leading to a denial of service. (CVE-2019-20386)

Jann Horn discovered that systemd incorrectly handled services that use the
DynamicUser property. A local attacker could possibly use this issue to
access resources owned by a different service in the future. This issue
only affected Ubuntu 18.04 LTS. (CVE-2019-3843, CVE-2019-3844)

Tavis Ormandy discovered that systemd incorrectly handled certain Polkit
queries. A local attacker could use this i...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  systemd                         242-7ubuntu3.6

Ubuntu 18.04 LTS:
  systemd                         237-3ubuntu10.38

Ubuntu 16.04 LTS:
  systemd                         229-4ubuntu21.27

After a standard system update you need to reboot your computer to make
all the necessary changes.
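
To confirm a host is at or above the fixed version for its release, the following added example (not part of the original advisory) compares an installed systemd version against the table above. The function names `fixed_version`, `version_ge` and `check_systemd` are hypothetical, and the `sort -V` fallback is an assumption for hosts without `dpkg`.

```shell
#!/bin/sh
# Fixed systemd versions from USN-4269-1, keyed by Ubuntu release number.
fixed_version() {
    case "$1" in
        19.10) echo "242-7ubuntu3.6" ;;
        18.04) echo "237-3ubuntu10.38" ;;
        16.04) echo "229-4ubuntu21.27" ;;
        *) return 1 ;;   # release not listed in this advisory
    esac
}

# version_ge A B: succeeds when version A is greater than or equal to B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        # Authoritative Debian version comparison.
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback: GNU sort -V orders these version strings the same way.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_systemd RELEASE INSTALLED_VERSION
# Prints a status and returns 0 (patched), 1 (needs update) or 2 (unlisted).
check_systemd() {
    fixed=$(fixed_version "$1") || { echo "unlisted"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "patched"
        return 0
    fi
    echo "needs-update (fixed in $fixed)"
    return 1
}

# On a real host, feed it the live values:
#   check_systemd "$(lsb_release -rs)" "$(dpkg-query -W -f='${Version}' systemd)"
# Constructed sample input, for illustration only:
check_systemd 18.04 237-3ubuntu10.38
```

A "patched" result reflects the package database only; the reboot called for above is still needed before the updated systemd is the one running.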

References

https://ubuntu.com/security/notices/USN-4269-1

CVE-2018-16888, CVE-2019-20386, CVE-2019-3843, CVE-2019-3844, CVE-2020-1712

Severity
critical