ALT-BU-2020-3662-1
Branch p9 update bulletin.
Package usb-modeswitch updated to version 2.6.0-alt1 for branch p9 in task 246071.
Closed bugs
Обновить до версии >= 2.4 (доступна 2.5)
Package usb-modeswitch-data updated to version 20191128-alt1 for branch p9 in task 246071.
Closed bugs
Обновить до 20170205
Closed vulnerabilities
BDU:2020-02039
Уязвимость системы инициализации Linux systemd, связанная с обращением к памяти после ее освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-05729
Уязвимость подсистемы инициализации и управления службами в Linux systemd, связанная с неосвобождением ресурса после истечения действительного срока его эксплуатации, позволяющая нарушителю вызвать отказ в обслуживаниии
Modified: 2024-11-21
CVE-2018-20839
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
- 108389
- 108389
- https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
- https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
- https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
- https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
- https://github.com/systemd/systemd/pull/12378
- https://github.com/systemd/systemd/pull/12378
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar
- https://security.netapp.com/advisory/ntap-20190530-0002/
- https://security.netapp.com/advisory/ntap-20190530-0002/
Modified: 2024-11-21
CVE-2019-20386
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
- openSUSE-SU-2020:0208
- openSUSE-SU-2020:0208
- https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
- https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
- FEDORA-2020-f8e267d6d0
- FEDORA-2020-f8e267d6d0
- https://security.netapp.com/advisory/ntap-20200210-0002/
- https://security.netapp.com/advisory/ntap-20200210-0002/
- USN-4269-1
- USN-4269-1
Modified: 2024-11-21
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
- https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
- https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
- https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
- https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
- https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
- https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
- https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
- https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
- [debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update
- [debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update
- https://www.openwall.com/lists/oss-security/2020/02/05/1
- https://www.openwall.com/lists/oss-security/2020/02/05/1
Closed bugs
Ругается при загрузке на отсутствие группы vmusers
Конфликт с systemd-utils