Security fix for the ALT Linux 9 package systemd version 1:242-alt1

April 13, 2019 Alexey Shabalin 1:242-alt1 - 242 Fixes: CVE-2019-3842 - move execute systemctl daemon-reexec from post-script to filetrigger - add requires systemd to libnss-systemd package ALT 36267 - move LOCKFILE to /run/lock in udev init script ALT 35888...

openSUSE Security Update : systemd (openSUSE-2019-909)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in...

The vulnerability of the software platform for managing administrative policies and privileges, Policykit, arises from errors in processing large user identifier values, allowing attackers to bypass authentication procedures.

The vulnerability of the software platform for managing administrative policies and privileges via Policykit is related to errors in processing large user identifier values values exceeding INTMAX, which allows any systemctl command to be executed. Exploiting this vulnerability could enable a...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 CVE-2018-15686: A vulnerability in unitdeserialize ...

Command Execution

libpolkit.so is vulnerable to command execution. A lack of validation on the user's UID allows any user with a value greater than INTMAX to successfully execute any systemctl command...

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit...

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit...

Red Hat PolicyKit Command Execution Vulnerability

Red Hat PolicyKit a.k.a. Polkit is a tool from Red Hat, Inc. for privilege control of applications on Unix-compatible systems. The tool provides a central framework for authorizing general applications to do privileged work on modern desktops. A command execution vulnerability exists in Red Hat...

CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

DEBIAN-CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

ALPINE-CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

UBUNTU-CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

[SECURITY] Fedora 26 Update: knot-resolver-2.3.0-1.fc26

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

[SECURITY] Fedora 28 Update: knot-resolver-2.3.0-1.fc28

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

SUSE-SU-2017:0279-1 Security update for systemd

This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges bsc1020601. These non-security issues were fixed: - Fix permission set on...

Oracle Linux 7 : systemd (ELSA-2016-2610)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2610 advisory. 219-30.0.1.3 - set 'RemoveIPC=no' in logind.conf as default for OL7.2 22224874 - allow dm remove ioctl to co-operate with UEK3 Vaughan Cao Orabug: 18467469 - ad...

Important: Red Hat Security Advisory: mariadb-galera security and bug fix update

An update for mariadb-galera is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...