USN-5583-2

USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing networking problems for some users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-2526)

References

Affected packages

Ubuntu:18.04:LTS / systemd

Package

Name: systemd
Purl: pkg:deb/ubuntu/systemd@237-3ubuntu10.56?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

237-3ubuntu10.56

Affected versions

Other

234-2ubuntu12

235-2ubuntu3

235-3ubuntu2

235-3ubuntu3

237-3ubuntu3

237-3ubuntu4

237-3ubuntu6

237-3ubuntu7

237-3ubuntu8

237-3ubuntu10

237-3ubuntu10.*

237-3ubuntu10.2

237-3ubuntu10.3

237-3ubuntu10.4

237-3ubuntu10.6

237-3ubuntu10.9

237-3ubuntu10.11

237-3ubuntu10.12

237-3ubuntu10.13

237-3ubuntu10.15

237-3ubuntu10.17

237-3ubuntu10.19

237-3ubuntu10.20

237-3ubuntu10.21

237-3ubuntu10.22

237-3ubuntu10.23

237-3ubuntu10.24

237-3ubuntu10.25

237-3ubuntu10.26

237-3ubuntu10.28

237-3ubuntu10.29

237-3ubuntu10.31

237-3ubuntu10.33

237-3ubuntu10.38

237-3ubuntu10.39

237-3ubuntu10.40

237-3ubuntu10.41

237-3ubuntu10.42

237-3ubuntu10.43

237-3ubuntu10.44

237-3ubuntu10.45

237-3ubuntu10.46

237-3ubuntu10.47

237-3ubuntu10.48

237-3ubuntu10.49

237-3ubuntu10.50

237-3ubuntu10.51

237-3ubuntu10.52

237-3ubuntu10.53

237-3ubuntu10.54

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libnss-myhostname",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libnss-mymachines",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libnss-resolve",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libnss-systemd",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libpam-systemd",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libsystemd-dev",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libsystemd0",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libudev-dev",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "libudev1",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd-container",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd-coredump",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd-journal-remote",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd-sysv",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "systemd-tests",
            "binary_version": "237-3ubuntu10.56"
        },
        {
            "binary_name": "udev",
            "binary_version": "237-3ubuntu10.56"
        }
    ]
}

Database specific

cves_map

{
    "cves": [
        {
            "id": "CVE-2022-2526",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:18.04:LTS"
}