MGASA-2019-0330

Source
https://advisories.mageia.org/MGASA-2019-0330.html
Import Source
https://advisories.mageia.org/MGASA-2019-0330.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0330
Related
Published
2019-11-19T21:16:53Z
Modified
2019-11-19T20:48:31Z
Summary
Updated systemd packages fix security vulnerability
Details

Updated systemd packages fix security vulnerability:

Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users. This can be exploited by local users to modify the system's DNS resolver settings (CVE-2019-15718).

This update also adds various upstream fixes for networkd, resolved, updates the manpages, fixing some logging messages and adds some missing checks that can potentially be used to cause crashes or malfunction.

The syscall filter list has been updated to properly support newer glibc and kernel features with seccomp and nspawn.

References
Credits

Affected packages

Mageia:7 / systemd

Package

Name
systemd
Purl
pkg:rpm/mageia/systemd?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
241-8.4.mga7

Ecosystem specific

{
    "section": "core"
}