Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4428-1] systemd security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4428-1] systemd security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4428-1] systemd security update
  • Date: Mon, 08 Apr 2019 20:45:43 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1hDb9D-0004cK-IL AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 8 Apr 2019 21:03:08 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <czD4q90onCE.A.TdG.Mc7qcB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4428-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2019-3842

Jann Horn discovered that the PAM module in systemd insecurely uses the
environment and lacks seat verification permitting spoofing an active
session to PolicyKit. A remote attacker with SSH access can take
advantage of this issue to gain PolicyKit privileges that are normally
only granted to clients in an active session on the local console.

For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u11.

This update includes updates previously scheduled to be released in the
stretch 9.9 point release.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyrsfpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S19A//eYZPzdFbJILUh0RBa2uZAxRHrOBIb/UsDKVPu4wZrMJdPGHSZoL+R2RQ
Tm1xLhFU+dgMLjfx1n70NIvg5hjPRrhD+6A8QVeU5IcsrMm7cSEFAgj3H5Cok+SN
OndAGXQ/EoRrSTDUjnNA7x4H3oxlsnH8nnY4vMqLezlPimMve+hsUSmB/ggDfB9M
FoZX35xUsSb/VvxdLqdVM7SFpti63XzAyYOueshaseGNR76rXkaPbXBSpzmcOhaz
9f08i1XG0IeojM0iHzBvOR8skicAPIwFXVLTCt1QE3nqzYeRhZAcq5yifAVm0A6G
qzVihq36Sw1roz5uI95x/jBd+odLbSZBG3a7py7jMDsWi8lRkD3kftQVsF9OmUgE
FaJtVKCydcWDRA9zWDLMG/6XqRIpDviK8DY/9dq6VkG6VHswobMs87LsrKrdb1tC
SqIV2n0mvsUs+BeMI1DDZbJuoXKjHi+3hS+wLFrZ/TM+riAuUq4KbfbSR9JLQdVS
D9Vq4J+hECgquS7c/YjmwNm2IdK4R8oSYs410AOmaWB/1xPzn5u5j4HMe3D6DJ6h
8H20PL1O6npyJOWGNimfZDGoxTR87Qfv72v5s59FtJzSVxGLaynsgIv0+ZO0SGH7
80/FYzsd0O4AtrZhjF0jxhwcCmCDMfNO1rEm/whQkmPhdLNxgTM=
=flwI
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 4428-1] systemd security update, Salvatore Bonaccorso, 08.04.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang