-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3175
                          systemd security update
                                1 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           systemd
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1712  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html

Comment: CVSS (Max):  7.8 CVE-2020-1712 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3063-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
June 30, 2022                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : systemd
Version        : 232-25+deb9u14
CVE ID         : CVE-2020-1712
Debian Bug     : 950732

A heap use-after-free vulnerability was found in systemd, a system and
service manager, where asynchronous Polkit queries are performed while
handling dbus messages. A local unprivileged attacker can abuse this
flaw to crash systemd services or potentially execute code and elevate
their privileges, by sending specially crafted dbus messages.

For Debian 9 stretch, this problem has been fixed in version
232-25+deb9u14.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================