===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3175
                          systemd security update
                                1 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           systemd
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1712

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html

Comment: CVSS (Max):  7.8 CVE-2020-1712 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3063-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
June 30, 2022                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : systemd
Version        : 232-25+deb9u14
CVE ID         : CVE-2020-1712
Debian Bug     : 950732

A heap use-after-free vulnerability was found in systemd, a system and
service manager, where asynchronous Polkit queries are performed while
handling dbus messages. A local unprivileged attacker can abuse this
flaw to crash systemd services or potentially execute code and elevate
their privileges, by sending specially crafted dbus messages.

For Debian 9 stretch, this problem has been fixed in version
232-25+deb9u14.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
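Added example (not part of the AusCERT bulletin or the Debian advisory): a host check against the fixed version the advisory gives for Debian 9 stretch, using dpkg's own version ordering rather than a string comparison. The function names are this example's own, and it assumes a Debian host with dpkg and /etc/os-release.

```shell
#!/bin/sh
# Fixed version for Debian 9 stretch, taken from DLA-3063-1 above.
FIXED_VERSION='232-25+deb9u14'

# classify_systemd VERSION -> prints "fixed" or "vulnerable".
# dpkg --compare-versions applies Debian ordering, so deb9u9 sorts
# below deb9u14 (a plain string comparison would get this wrong).
classify_systemd() {
    if dpkg --compare-versions "$1" ge "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# installed_systemd -> prints the installed systemd package version,
# or nothing when the package is not fully installed.
installed_systemd() {
    dpkg-query -W -f='${Status} ${Version}\n' systemd 2>/dev/null |
        sed -n 's/^install ok installed //p'
}

# is_stretch -> succeeds only on Debian 9; the fixed version above is
# specific to that release and says nothing about other releases.
is_stretch() {
    ( . /etc/os-release 2>/dev/null &&
      [ "$ID" = debian ] && [ "$VERSION_ID" = 9 ] )
}

report() {
    v=$(installed_systemd)
    if [ -z "$v" ]; then
        echo "systemd: not installed"
    elif ! is_stretch; then
        echo "systemd $v: not Debian 9, DLA-3063-1 fixed version does not apply"
    else
        echo "systemd $v: $(classify_systemd "$v")"
    fi
}

report
```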