ESB-2018.3603 - [Debian] systemd: Multiple vulnerabilities 2018-11-20

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3603
                          systemd security update
                             20 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           systemd
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Root Compromise   -- Remote/Unauthenticated
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-15688 CVE-2018-15686 CVE-2018-1049

Reference:         ESB-2018.3569
                   ESB-2018.3507
                   ESB-2018.0361
                   ESB-2018.0317
                   ESB-2018.3543.2

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Package        : systemd
Version        : 215-17+deb8u8
CVE ID         : CVE-2018-1049 CVE-2018-15686 CVE-2018-15688
Debian Bug     : 912005 912008

systemd was found to suffer from multiple security vulnerabilities
ranging from denial of service attacks to possible root privilege
escalation.

CVE-2018-1049

    A race condition exists between .mount and .automount units such
    that automount requests from kernel may not be serviced by systemd
    resulting in kernel holding the mountpoint and any processes that
    try to use said mount will hang. A race condition like this may
    lead to denial of service, until mount points are unmounted.

CVE-2018-15686

    A vulnerability in unit_deserialize of systemd allows an attacker
    to supply arbitrary state across systemd re-execution via
    NotifyAccess. This can be used to improperly influence systemd
    execution and possibly lead to root privilege escalation.

CVE-2018-15688

    A buffer overflow vulnerability in the dhcp6 client of systemd
    allows a malicious dhcp6 server to overwrite heap memory in
    systemd-networkd, which is not enabled by default in Debian.

For Debian 8 "Jessie", these problems have been fixed in version
215-17+deb8u8.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlvzSnEACgkQPqHd3bJh
2XsUCQf/UNAIH1az5ucF3JEpKgsIWlkxKLTIN1qiouJzrAjKMOsa+O8WO2A6z3P8
LEM6zCzbBQ+ClmAzUF+F2SMlmwal8v8Eqt8TfBTxKKdCc070MQUAgTx3sDB29qRE
JhbNhRx1B0ya9timt+wnablhtJU/m047Z1WkB6KcXDdL/QO+7Dr26A5vgbCgMDS8
W0xs7jiQKwDCfQu4mYmDhIK+t8bAeZFpgmaJpULyKmWkOtzsTxQcTnq6EXBGBtt1
dMxOIgTXNK5etvtd5LmfZ/CrC7BYYzr7qZ4ePtZ4L2lizQW3Kv+SSjy2kTt23Cwl
mRs9dJX4CmtwclnitKnA8j9FJUw4gA==
=aP8M
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW/NQWGaOgq3Tt24GAQgjcxAA1wJ0jD1Xhq3coJaA6Iaf6Afb4fsBzVbC
/c6AWKmmAi7UMvhHBsKMrBY8BGojJOcrhdiDJYYmeM+Di2g47tShUzap0aqmJg8z
/e9/UlwQmf8+7603dRTFBmX/TQ5oHNdXXPdZfql+Zj8ZI+NG04EQc+udL1TR5NC+
b8a5aqle7uWTrlLy0WnAb+6DmjHxJ7H8Ev4Tc36DEqpBGiVVwmq36gcrD2RhTqyX
PdhVyVgrMOwV9R+JLUn3E0AyTjGc1AXkAxU6xR2zSfTb9Xne5EWHlGKkIXYx2dSa
41lYvFuSBhEahFEXA9uB9C1Tv7tVoA8UlmU4h/bgMhuWSJ9MgYjgXo6Q9dDhJH0d
6mWpSjQSIUKyKf4pn+JBMLJxeSBAoYj9cQJ8MpNj12haIcSAqobVXZpd/Vp2YWzn
QydKdljzftv02jYpaw4WQdVr042Wu2ea7+7oYmsnWsg0gfadDyYdVkZwK5ofYHrk
1Y9fFNFKXy6IkA/ODVf3lnvbhtaoElKOgol3fVwjqcJo+CzQFeyt/9HxxI+QSK49
fIhdKPUM231txgBI3z4w2WrJC9pJPdZAeTy+tM2AegQEm2EFiu9piDN+c8C/J33O
hXvAEb1xqEpfPl3yWiwfi6Q0b9OmAV72hmw7y8fvT4GLFbFv919UzGueKijDHOpa
nqO4cA7Xzzw=
=fJ/U
-----END PGP SIGNATURE-----

« Back to bulletins