Lucene search

AmazonALAS2-2018-961

HistoryFeb 20, 2018 - 9:44 p.m.

Medium: systemd

2018-02-2021:44:00

alas.aws.amazon.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

Issue Overview:

Access to automounted volumes can lock up
A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service.(CVE-2018-1049)

Affected Packages:

systemd

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update systemd to update your system.

New Packages:

src:  
    systemd-219-42.amzn2.7.src  
  
x86_64:  
    systemd-219-42.amzn2.7.x86_64  
    systemd-libs-219-42.amzn2.7.x86_64  
    systemd-devel-219-42.amzn2.7.x86_64  
    systemd-sysv-219-42.amzn2.7.x86_64  
    systemd-python-219-42.amzn2.7.x86_64  
    libgudev1-219-42.amzn2.7.x86_64  
    libgudev1-devel-219-42.amzn2.7.x86_64  
    systemd-journal-gateway-219-42.amzn2.7.x86_64  
    systemd-networkd-219-42.amzn2.7.x86_64  
    systemd-resolved-219-42.amzn2.7.x86_64  
    systemd-debuginfo-219-42.amzn2.7.x86_64

Additional References

Red Hat: CVE-2018-1049

Mitre: CVE-2018-1049

OSVersionArchitecturePackageVersionFilename
Amazon Linux2x86_64systemd< 219-42.amzn2.7systemd-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-libs< 219-42.amzn2.7systemd-libs-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-devel< 219-42.amzn2.7systemd-devel-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-sysv< 219-42.amzn2.7systemd-sysv-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-python< 219-42.amzn2.7systemd-python-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64libgudev1< 219-42.amzn2.7libgudev1-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64libgudev1-devel< 219-42.amzn2.7libgudev1-devel-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-journal-gateway< 219-42.amzn2.7systemd-journal-gateway-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-networkd< 219-42.amzn2.7systemd-networkd-219-42.amzn2.7.x86_64.rpm
Amazon Linux2x86_64systemd-resolved< 219-42.amzn2.7systemd-resolved-219-42.amzn2.7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	x86_64	systemd	< 219-42.amzn2.7	systemd-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-libs	< 219-42.amzn2.7	systemd-libs-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-devel	< 219-42.amzn2.7	systemd-devel-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-sysv	< 219-42.amzn2.7	systemd-sysv-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-python	< 219-42.amzn2.7	systemd-python-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	libgudev1	< 219-42.amzn2.7	libgudev1-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	libgudev1-devel	< 219-42.amzn2.7	libgudev1-devel-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-journal-gateway	< 219-42.amzn2.7	systemd-journal-gateway-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-networkd	< 219-42.amzn2.7	systemd-networkd-219-42.amzn2.7.x86_64.rpm
Amazon Linux	2	x86_64	systemd-resolved	< 219-42.amzn2.7	systemd-resolved-219-42.amzn2.7.x86_64.rpm