systemd

Description system and service manager
Version 243.78-2 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1035 | 242.84-2 | 243.0-1 | Medium | Fixed | |
| AVG-906 | 240.95-2 | 241.7-1 | High | Fixed | FS#61804 |
| AVG-845 | 240.0-3 | 240.34-1 | High | Fixed | |
| AVG-789 | 239.2-1 | 239.300-1 | Critical | Fixed | FS#60609 |
| AVG-621 | 236.0-1 | 237.0-1 | High | Fixed | |
| AVG-615 | 239.2-1 | 240.0-3 | Medium | Fixed | |
| AVG-337 | 232-8 | 233-7 | Medium | Fixed | |
| AVG-329 | 232-8 | 233-6 | Critical | Fixed | FS#54619 |
| AVG-38 | 231-1 | 231-2 | High | Fixed | FS#51035 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-15718 | AVG-1035 | Medium | No | Access restriction bypass | An improper authorization flaw was discovered in systemd-resolved before v234 in the way it configures the exposed DBus interface org.freedesktop.resolve1.... |
| CVE-2019-6454 | AVG-906 | High | No | Denial of service | It was found that bus_process_object() in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the... |
| CVE-2018-16866 | AVG-615 | Medium | No | Information disclosure | An out-of-bounds read has been found in the journald component of systemd >= v221 and < v240, in the syslog_parse_identifier() function in... |
| CVE-2018-16865 | AVG-845 | High | No | Arbitrary code execution | A memory corruption vulnerability has been found in the journald component of systemd >= v201 and <= v240, in the journal_file_append_entry() function.... |
| CVE-2018-16864 | AVG-845 | High | No | Arbitrary code execution | A memory corruption vulnerability has been found in the journald component of systemd >= v230 and <= v240, in the set_iovec_field() function. Passing... |
| CVE-2018-15688 | AVG-789 | Critical | Yes | Arbitrary code execution | An out-of-bounds write has been found in the DHCPv6 option handling code of systemd-networkd up to and including v239. It was discovered that... |
| CVE-2018-15687 | AVG-789 | High | No | Privilege escalation | A security issue has been found in systemd up to and including 239, where a race condition in the chown_one() function can be used to escalate privileges... |
| CVE-2018-15686 | AVG-789 | High | No | Privilege escalation | A security issue has been found in systemd up to and including 239, where the use of fgets() allows an attacker to escalate privilege via a crafted service... |
| CVE-2018-6954 | AVG-615 | Medium | No | Arbitrary file overwrite | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of... |
| CVE-2017-18078 | AVG-621 | High | No | Access restriction bypass | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is... |
| CVE-2017-9445 | AVG-329 | Critical | Yes | Arbitrary code execution | An out-of-bounds write was discovered in systemd-resolved when handling specially crafted DNS responses. A remote attacker could potentially exploit this to... |
| CVE-2017-9217 | AVG-337 | Medium | Yes | Denial of service | A security issue has been found in systemd-resolved, allowing a remote attacker to cause a denial of service (daemon crash via NULL-pointer dereference) via... |
| CVE-2016-7795 | AVG-38 | High | No | Denial of service | systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over its notification socket. After failing the... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 02 Oct 2019 | ASA-201910-3 | AVG-1035 | Medium | access restriction bypass |
| 21 Feb 2019 | ASA-201902-24 | AVG-906 | High | denial of service |
| 12 Jan 2019 | ASA-201901-9 | AVG-845 | High | arbitrary code execution |
| 08 Jan 2019 | ASA-201901-4 | AVG-615 | Medium | multiple issues |
| 07 Nov 2018 | ASA-201811-11 | AVG-789 | Critical | multiple issues |
| 04 Jul 2017 | ASA-201707-5 | AVG-337 | Medium | denial of service |
| 03 Jul 2017 | ASA-201707-2 | AVG-329 | Critical | arbitrary code execution |
| 04 Oct 2016 | ASA-201610-2 | AVG-38 | High | denial of service |