[SECURITY] [DLA 1639-1] systemd security update

2019-01-2304:26:20

lists.debian.org

264

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.3%

JSON

Package : systemd
Version : 215-17+deb8u9
CVE ID : CVE-2018-16864 CVE-2018-16865
Debian Bug : 918841 918848

Multiple vulnerabilities were found in the journald component of
systemd which can lead to a crash or code execution.

CVE-2018-16864

An allocation of memory without limits, that could result in the
stack clashing with another memory region, was discovered in
systemd-journald when many entries are sent to the journal
socket. A local attacker, or a remote one if
systemd-journal-remote is used, may use this flaw to crash
systemd-journald or execute code with journald privileges.

CVE-2018-16865

An allocation of memory without limits, that could result in the
stack clashing with another memory region, was discovered in
systemd-journald when a program with long command line arguments
calls syslog. A local attacker may use this flaw to crash
systemd-journald or escalate his privileges. Versions through v240
are vulnerable.

For Debian 8 "Jessie", these problems have been fixed in version
215-17+deb8u9.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9arm64libnss-resolve-dbgsym< 232-25+deb9u7libnss-resolve-dbgsym_232-25+deb9u7_arm64.deb
Debian9mips64ellibudev-dev< 232-25+deb9u7libudev-dev_232-25+deb9u7_mips64el.deb
Debian8armellibudev1-udeb< 215-17+deb8u9libudev1-udeb_215-17+deb8u9_armel.deb
Debian8armhfsystemd-dbg< 215-17+deb8u9systemd-dbg_215-17+deb8u9_armhf.deb
Debian8armhflibsystemd-journal-dev< 215-17+deb8u9libsystemd-journal-dev_215-17+deb8u9_armhf.deb
Debian9mips64elsystemd-container< 232-25+deb9u7systemd-container_232-25+deb9u7_mips64el.deb
Debian8armellibsystemd0< 215-17+deb8u9libsystemd0_215-17+deb8u9_armel.deb
Debian9i386udev-dbgsym< 232-25+deb9u7udev-dbgsym_232-25+deb9u7_i386.deb
Debian9s390xsystemd-sysv< 232-25+deb9u7systemd-sysv_232-25+deb9u7_s390x.deb
Debian9i386libpam-systemd-dbgsym< 232-25+deb9u7libpam-systemd-dbgsym_232-25+deb9u7_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	libnss-resolve-dbgsym	< 232-25+deb9u7	libnss-resolve-dbgsym_232-25+deb9u7_arm64.deb
Debian	9	mips64el	libudev-dev	< 232-25+deb9u7	libudev-dev_232-25+deb9u7_mips64el.deb
Debian	8	armel	libudev1-udeb	< 215-17+deb8u9	libudev1-udeb_215-17+deb8u9_armel.deb
Debian	8	armhf	systemd-dbg	< 215-17+deb8u9	systemd-dbg_215-17+deb8u9_armhf.deb
Debian	8	armhf	libsystemd-journal-dev	< 215-17+deb8u9	libsystemd-journal-dev_215-17+deb8u9_armhf.deb
Debian	9	mips64el	systemd-container	< 232-25+deb9u7	systemd-container_232-25+deb9u7_mips64el.deb
Debian	8	armel	libsystemd0	< 215-17+deb8u9	libsystemd0_215-17+deb8u9_armel.deb
Debian	9	i386	udev-dbgsym	< 232-25+deb9u7	udev-dbgsym_232-25+deb9u7_i386.deb
Debian	9	s390x	systemd-sysv	< 232-25+deb9u7	systemd-sysv_232-25+deb9u7_s390x.deb
Debian	9	i386	libpam-systemd-dbgsym	< 232-25+deb9u7	libpam-systemd-dbgsym_232-25+deb9u7_i386.deb