Autor Thema: [Update] 2019-01-19 - Security update to Systemd v239 series  (Gelesen 186 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline landtaipan

  • Vollwertiges Mitglied
  • ***
  • Beiträge: 210
  • Dankeschön: 49 mal
  • Desktop: xfce
  • Grafikkarte: nvidia
  • Grafikkartentreiber: free
  • Kernel: 5.x
  • Prozessor: Intel i7
  • Skill: Durchschnitt
  • Zweig: stable/testing
Zitat
philm - Manjaro Team

Hi community,

Welcome to our third stable update of 2019. So what do we have with this one?

We addressed the following security issues within systemd v239 series:

    CVE-2018-15686 1: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
    CVE-2018-15687 1: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files.
    CVE-2018-6954_2: systemd-tmpfiles in systemd through 239 mishandles symlinks present in non-terminal path components.
    CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.
    CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket.
    CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’.

This is also addressed with v239.6-4 in our testing branch and with v240.275-1 in our unstable branch.

We hope with all these changes Manjaro to be more efficient for you all.

Current supported Kernels

    linux316 3.16.62
    linux318 3.18.131 [EOL]
    linux44 4.4.167
    linux49 4.9.149
    linux414 4.14.92
    linux417 4.17.19 [EOL]
    linux418 4.18.20 [EOL]
    linux419 4.19.14
    linux420 4.20.1
    linux414-rt 4.14.87_rt49
    linux416-rt 4.16.18_rt11
    linux418-rt 4.18.16_rt9

Package Updates (Sat Jan 12 10:12:43 CET 2019)

    stable core x86_64: 4 new and 4 removed package(s)
    stable multilib x86_64: 1 new and 1 removed package(s)