Amazon ALAS2-2022-1854

Important: systemd

2022-09-30 07:04:00
alas.aws.amazon.com
CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8 High
Confidence: Low

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 59.3%

Issue Overview:

It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the “allow_active” element rather than “allow_any”. (CVE-2019-3842)

An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCPACK packets to reconfigure the system with arbitrary network settings. (CVE-2020-13529)

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or “0x” followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges. (CVE-2020-13776)
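A defender's audit for the username patterns named in CVE-2020-13776, as an added example that is not part of the advisory or of systemd: it scans unit-file text for `User=` values that begin with a decimal digit or are “0x” followed by hexadecimal digits. The sample units are constructed, the function names are hypothetical, and leaving pure decimal values unflagged (treated as intentional numeric IDs) is an assumption.

```python
import re

# Constructed sample unit files (file name -> contents); not from a real system.
SAMPLE_UNITS = {
    "backup.service": "[Service]\nUser=0day\nExecStart=/usr/bin/backup\n",
    "metrics.service": "[Service]\nUser=0x10\n",
    "web.service": "[Service]\n# User=0old\nUser=nginx\n",
    "batch.service": "[Service]\nUser = 7zip \n",
    "cron.service": "[Service]\nUser=1000\n",
}

ASSIGN = re.compile(r"^\s*User\s*=\s*(.*?)\s*$")
HEX_FORM = re.compile(r"0[xX][0-9a-fA-F]+")

def classify(value):
    """Return the matching pattern from the advisory text, or None."""
    if HEX_FORM.fullmatch(value):
        return "0x followed by hexadecimal digits"
    if re.match(r"[0-9]", value) and not re.fullmatch(r"[0-9]+", value):
        return "name begins with a decimal digit"
    # Plain names and pure decimal values are not flagged (assumption:
    # a pure decimal value is meant as a numeric ID).
    return None

def audit_unit(name, text):
    """Return (file, line number, value, reason) for each risky User= line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # unit-file comment line
        m = ASSIGN.match(line)
        if m:
            reason = classify(m.group(1))
            if reason:
                findings.append((name, lineno, m.group(1), reason))
    return findings

def audit_all(units):
    """Audit every unit in the mapping, in file-name order."""
    out = []
    for name in sorted(units):
        out.extend(audit_unit(name, units[name]))
    return out

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_UNITS):
        print("%s:%d User=%s (%s)" % finding)
```

Units flagged here are the ones to review before and after applying the update, since on an unfixed systemd the service may run as an unexpected user.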

A use-after-free vulnerability was found in systemd. This issue occurs because the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c do not increment the reference count of the DnsStream object. Therefore, other functions and callbacks that are called can dereference the DnsStream object, causing a use-after-free when the reference is still used later. (CVE-2022-2526)

Affected Packages:

systemd

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update systemd to update your system.

New Packages:

aarch64:  
    systemd-219-78.amzn2.0.20.aarch64  
    systemd-libs-219-78.amzn2.0.20.aarch64  
    systemd-devel-219-78.amzn2.0.20.aarch64  
    systemd-sysv-219-78.amzn2.0.20.aarch64  
    systemd-python-219-78.amzn2.0.20.aarch64  
    libgudev1-219-78.amzn2.0.20.aarch64  
    libgudev1-devel-219-78.amzn2.0.20.aarch64  
    systemd-journal-gateway-219-78.amzn2.0.20.aarch64  
    systemd-networkd-219-78.amzn2.0.20.aarch64  
    systemd-resolved-219-78.amzn2.0.20.aarch64  
    systemd-debuginfo-219-78.amzn2.0.20.aarch64  
  
i686:  
    systemd-219-78.amzn2.0.20.i686  
    systemd-libs-219-78.amzn2.0.20.i686  
    systemd-devel-219-78.amzn2.0.20.i686  
    systemd-sysv-219-78.amzn2.0.20.i686  
    systemd-python-219-78.amzn2.0.20.i686  
    libgudev1-219-78.amzn2.0.20.i686  
    libgudev1-devel-219-78.amzn2.0.20.i686  
    systemd-journal-gateway-219-78.amzn2.0.20.i686  
    systemd-networkd-219-78.amzn2.0.20.i686  
    systemd-resolved-219-78.amzn2.0.20.i686  
    systemd-debuginfo-219-78.amzn2.0.20.i686  
  
src:  
    systemd-219-78.amzn2.0.20.src  
  
x86_64:  
    systemd-219-78.amzn2.0.20.x86_64  
    systemd-libs-219-78.amzn2.0.20.x86_64  
    systemd-devel-219-78.amzn2.0.20.x86_64  
    systemd-sysv-219-78.amzn2.0.20.x86_64  
    systemd-python-219-78.amzn2.0.20.x86_64  
    libgudev1-219-78.amzn2.0.20.x86_64  
    libgudev1-devel-219-78.amzn2.0.20.x86_64  
    systemd-journal-gateway-219-78.amzn2.0.20.x86_64  
    systemd-networkd-219-78.amzn2.0.20.x86_64  
    systemd-resolved-219-78.amzn2.0.20.x86_64  
    systemd-debuginfo-219-78.amzn2.0.20.x86_64  

Additional References

Red Hat: CVE-2019-3842, CVE-2020-13529, CVE-2020-13776, CVE-2022-2526

Mitre: CVE-2019-3842, CVE-2020-13529, CVE-2020-13776, CVE-2022-2526
