Important: systemd

Issue Overview:

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the “systemctl status” command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. (CVE-2023-26604)

Affected Packages:

systemd

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update systemd to update your system.

New Packages:

aarch64:  
    systemd-219-78.amzn2.0.22.aarch64  
    systemd-libs-219-78.amzn2.0.22.aarch64  
    systemd-devel-219-78.amzn2.0.22.aarch64  
    systemd-sysv-219-78.amzn2.0.22.aarch64  
    systemd-python-219-78.amzn2.0.22.aarch64  
    libgudev1-219-78.amzn2.0.22.aarch64  
    libgudev1-devel-219-78.amzn2.0.22.aarch64  
    systemd-journal-gateway-219-78.amzn2.0.22.aarch64  
    systemd-networkd-219-78.amzn2.0.22.aarch64  
    systemd-resolved-219-78.amzn2.0.22.aarch64  
    systemd-debuginfo-219-78.amzn2.0.22.aarch64  
  
i686:  
    systemd-219-78.amzn2.0.22.i686  
    systemd-libs-219-78.amzn2.0.22.i686  
    systemd-devel-219-78.amzn2.0.22.i686  
    systemd-sysv-219-78.amzn2.0.22.i686  
    systemd-python-219-78.amzn2.0.22.i686  
    libgudev1-219-78.amzn2.0.22.i686  
    libgudev1-devel-219-78.amzn2.0.22.i686  
    systemd-journal-gateway-219-78.amzn2.0.22.i686  
    systemd-networkd-219-78.amzn2.0.22.i686  
    systemd-resolved-219-78.amzn2.0.22.i686  
    systemd-debuginfo-219-78.amzn2.0.22.i686  
  
src:  
    systemd-219-78.amzn2.0.22.src  
  
x86_64:  
    systemd-219-78.amzn2.0.22.x86_64  
    systemd-libs-219-78.amzn2.0.22.x86_64  
    systemd-devel-219-78.amzn2.0.22.x86_64  
    systemd-sysv-219-78.amzn2.0.22.x86_64  
    systemd-python-219-78.amzn2.0.22.x86_64  
    libgudev1-219-78.amzn2.0.22.x86_64  
    libgudev1-devel-219-78.amzn2.0.22.x86_64  
    systemd-journal-gateway-219-78.amzn2.0.22.x86_64  
    systemd-networkd-219-78.amzn2.0.22.x86_64  
    systemd-resolved-219-78.amzn2.0.22.x86_64  
    systemd-debuginfo-219-78.amzn2.0.22.x86_64  

Additional References

Red Hat: CVE-2023-26604

Mitre: CVE-2023-26604