[SECURITY] [DLA 1684-1] systemd security update

2019-02-1919:28:13

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Package : systemd
Version : 215-17+deb8u10
CVE ID : CVE-2019-6454

Chris Coulson discovered a flaw in systemd leading to denial of service.
An unprivileged user could take advantage of this issue to crash PID1 by
sending a specially crafted D-Bus message on the system bus.

For Debian 8 "Jessie", this problem has been fixed in version
215-17+deb8u10.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9mips64ellibudev1-udeb< 232-25+deb9u9libudev1-udeb_232-25+deb9u9_mips64el.deb
Debian9ppc64elsystemd-coredump< 232-25+deb9u9systemd-coredump_232-25+deb9u9_ppc64el.deb
Debian9s390xlibpam-systemd< 232-25+deb9u9libpam-systemd_232-25+deb9u9_s390x.deb
Debian9mipselsystemd-container-dbgsym< 232-25+deb9u9systemd-container-dbgsym_232-25+deb9u9_mipsel.deb
Debian8armelgir1.2-gudev-1.0< 215-17+deb8u10gir1.2-gudev-1.0_215-17+deb8u10_armel.deb
Debian8amd64libudev1-udeb< 215-17+deb8u10libudev1-udeb_215-17+deb8u10_amd64.deb
Debian8i386libsystemd-id128-dev< 215-17+deb8u10libsystemd-id128-dev_215-17+deb8u10_i386.deb
Debian9i386libnss-resolve-dbgsym< 232-25+deb9u9libnss-resolve-dbgsym_232-25+deb9u9_i386.deb
Debian9armhfsystemd-container-dbgsym< 232-25+deb9u9systemd-container-dbgsym_232-25+deb9u9_armhf.deb
Debian9armhflibudev-dev< 232-25+deb9u9libudev-dev_232-25+deb9u9_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips64el	libudev1-udeb	< 232-25+deb9u9	libudev1-udeb_232-25+deb9u9_mips64el.deb
Debian	9	ppc64el	systemd-coredump	< 232-25+deb9u9	systemd-coredump_232-25+deb9u9_ppc64el.deb
Debian	9	s390x	libpam-systemd	< 232-25+deb9u9	libpam-systemd_232-25+deb9u9_s390x.deb
Debian	9	mipsel	systemd-container-dbgsym	< 232-25+deb9u9	systemd-container-dbgsym_232-25+deb9u9_mipsel.deb
Debian	8	armel	gir1.2-gudev-1.0	< 215-17+deb8u10	gir1.2-gudev-1.0_215-17+deb8u10_armel.deb
Debian	8	amd64	libudev1-udeb	< 215-17+deb8u10	libudev1-udeb_215-17+deb8u10_amd64.deb
Debian	8	i386	libsystemd-id128-dev	< 215-17+deb8u10	libsystemd-id128-dev_215-17+deb8u10_i386.deb
Debian	9	i386	libnss-resolve-dbgsym	< 232-25+deb9u9	libnss-resolve-dbgsym_232-25+deb9u9_i386.deb
Debian	9	armhf	systemd-container-dbgsym	< 232-25+deb9u9	systemd-container-dbgsym_232-25+deb9u9_armhf.deb
Debian	9	armhf	libudev-dev	< 232-25+deb9u9	libudev-dev_232-25+deb9u9_armhf.deb