All errata/p8/ALT-PU-2019-1684-1
ALT-PU-2019-1684-1

Package update systemd in branch p8

Version239-alt1.M80P.1
Task#226956
Published2019-04-18
Max severityHIGH
Severity:

Closed issues (3)

BDU:2019-02469
HIGH7.8

Уязвимость компонента systemd-tmpfiles демона Systemd, позволяющая нарушителю получить доступ к произвольным файлам

Published: 2019-07-11Modified: 2021-03-23
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2013-4392
MEDIUM5.0

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Published: 2013-10-28Modified: 2026-04-29
CVSS 2.0LOW 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xMEDIUM 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References
CVE-2018-6954
HIGH7.8

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

Published: 2018-02-13Modified: 2025-06-09
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References

Closed bugs (1)

Bug #36267

нужна явная зависимость от systemd