Package systemd updated to version 246.16-alt1 for branch p9 in task 283283.

Published: 2021-06-09

BDU:2021-04153

Уязвимость функций alloca() и strdup() подсистемы инициализации и управления службами Systemd, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2021-33910

Published: 2020-08-18

BDU:2022-06889

Уязвимость подсистемы инициализации и управления службами Systemd, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.1) Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

References:

CVE-2020-13529

Published: 2021-05-10
Modified: 2024-11-21

CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

References:

Published: 2021-07-20
Modified: 2024-11-21

CVE-2021-33910

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

не удаляются старые записи из /etc/resolv.conf

Не упакован /lib/systemd/system-sleep/

Version: 2.1.0

Package systemd update in p9 on 2021-08-20

ALT-PU-2021-2584-1

Closed vulnerabilities

BDU:2021-04153

BDU:2022-06889

CVE-2020-13529

CVE-2021-33910

Closed bugs

Bug #33589

Bug #39349