Bug 49262 – systemd: Multiple issues (4.4)

Bug 49262 - systemd: Multiple issues (4.4)


Summary:	systemd: Multiple issues (4.4)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.4
Hardware:	All Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 4.4-0-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-04-09 10:46 CEST by Quality Assurance
Modified:	2019-04-10 14:19 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	4.5 (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Debian RedHat

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2019-04-09 10:46:05 CEST

New Debian systemd 232-25+deb9u11A~4.4.0.201904091045 fixes:
This update addresses the following issues:
* automount: access to automounted volumes can lock up (CVE-2018-1049)
* Line splitting via fgets() allows for state injection during daemon-reexec  (CVE-2018-15686)
* systemd (CVE-2019-3842)

Comment 1 Quality Assurance

2019-04-09 13:00:51 CEST

--- mirror/ftp/4.4/unmaintained/4.4-0/source/systemd_232-25+deb9u9A~4.3.3.201902261122.dsc
+++ apt/ucs_4.3-0-errata4.3-3/source/systemd_232-25+deb9u11A~4.3.3.201904091044.dsc
@@ -1,8 +1,32 @@
-232-25+deb9u9A~4.3.3.201902261122 [Tue, 26 Feb 2019 11:23:07 +0100] Univention builddaemon <buildd@univention.de>:
+232-25+deb9u11A~4.3.3.201904091044 [Tue, 09 Apr 2019 10:45:00 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     01-fix-ftbfs
     10-ignore-ucs-divered
+
+232-25+deb9u11 [Mon, 08 Apr 2019 12:51:41 +0200] Michael Biebl <biebl@debian.org>:
+
+  * pam-systemd: use secure_getenv() rather than getenv()
+    Fixes a vulnerability in the systemd PAM module which insecurely uses
+    the environment and lacks seat verification permitting spoofing an
+    active session to PolicyKit. (CVE-2019-3842)
+
+232-25+deb9u10 [Sun, 10 Mar 2019 15:52:46 +0100] Michael Biebl <biebl@debian.org>:
+
+  * journald: fix assertion failure on journal_file_link_data (Closes: #916880)
+  * tmpfiles: fix "e" to support shell style globs (Closes: #918400)
+  * mount-util: accept that name_to_handle_at() might fail with EPERM.
+    Container managers frequently block name_to_handle_at(), returning
+    EACCES or EPERM when this is issued. Accept that, and simply fall back
+    to fdinfo-based checks. (Closes: #917122)
+  * automount: ack automount requests even when already mounted.
+    Fixes a race condition in systemd which could result in automount requests
+    not being serviced and processes using them to hang, causing denial of
+    service. (CVE-2018-1049)
+  * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
+    Fixes improper serialization on upgrade which can influence systemd
+    execution environment and lead to root privilege escalation.
+    (CVE-2018-15686, Closes: #912005)
 
 232-25+deb9u9 [Sun, 17 Feb 2019 09:22:58 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 

<http://10.200.17.11/4.4-0/#301614886511832355>

Comment 2 Philipp Hahn

2019-04-09 13:39:31 CEST

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] 59cc4baca4 Bug #49262: systemd 232-25+deb9u11A~4.3.3.201904091044
 doc/errata/staging/systemd.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

Comment 3 Erik Damrose

2019-04-10 14:19:10 CEST

<http://errata.software-univention.de/ucs/4.4/43.html>