MGASA-2019-0330

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0330.html

Import Source

https://advisories.mageia.org/MGASA-2019-0330.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0330

Related

CVE-2019-15718

Published

2019-11-19T21:16:53Z

Modified

2019-11-19T20:48:31Z

Summary

Updated systemd packages fix security vulnerability

Details

Updated systemd packages fix security vulnerability:

Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users. This can be exploited by local users to modify the system's DNS resolver settings (CVE-2019-15718).

This update also adds various upstream fixes for networkd, resolved, updates the manpages, fixing some logging messages and adds some missing checks that can potentially be used to cause crashes or malfunction.

The syscall filter list has been updated to properly support newer glibc and kernel features with seccomp and nspawn.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / systemd

Package

Name: systemd
Purl: pkg:rpm/mageia/systemd?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

241-8.4.mga7

Ecosystem specific

{
    "section": "core"
}