NewStart CGSL MAIN 6.06 : systemd Multiple Vulnerabilities (NS-SA-2025-0220)

The remote NewStart CGSL host, running version MAIN 6.06, has systemd packages installed that are affected by multiple vulnerabilities: - A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages....

SUSE CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...

USN-3816-1 systemd vulnerabilities

Jann Horn discovered that unitdeserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. CVE-2018-15686 Jann Horn discovered a race condition in...

UBUNTU-CVE-2018-15686

A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and...