Description
Security update for systemd
This update for systemd fixes the following issues:
Security vulnerability fixed:
- CVE-2019-6454: Fixed a crash of PID1 that an unprivileged user could trigger by sending a specially crafted D-Bus message on the system bus (bsc#1125352)
Package list
SUSE Linux Enterprise Server 12 SP1-LTSS
libgudev-1_0-0-210-116.22.1
libgudev-1_0-0-32bit-210-116.22.1
libgudev-1_0-devel-210-116.22.1
libudev-devel-210-116.22.1
libudev1-210-116.22.1
libudev1-32bit-210-116.22.1
systemd-210-116.22.1
systemd-32bit-210-116.22.1
systemd-bash-completion-210-116.22.1
systemd-devel-210-116.22.1
systemd-sysvinit-210-116.22.1
typelib-1_0-GUdev-1_0-210-116.22.1
udev-210-116.22.1
References
- Link for SUSE-SU-2019:0425-1
- E-Mail link for SUSE-SU-2019:0425-1
- SUSE Security Ratings
- SUSE Bug 1125352
- SUSE CVE CVE-2019-6454 page
Description
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
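The bug class described above, as an added C example that is neither systemd's code nor part of the advisory: a length taken from the message sizes a stack allocation, and the bounded variant rejects oversized paths and copies to the heap instead. The names `walk_object_path`, `count_prefixes`, `prefix_cb`, the prefix walk itself and the 64 KiB cap `EXAMPLE_PATH_MAX` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the advisory does not state a limit. */
#define EXAMPLE_PATH_MAX (64u * 1024u)

/* Hypothetical callback: called once per path prefix. */
typedef int (*prefix_cb)(const char *prefix, void *userdata);

/* Pattern the advisory describes, kept as a comment only:
 *     char *p = alloca(len + 1);    // len comes from the message
 * With a large len the stack pointer lands beyond the guard pages. */

/* Bounded variant: reject oversized paths, keep the copy on the heap. */
int walk_object_path(const char *path, size_t len, prefix_cb cb, void *ud)
{
    if (path == NULL || len == 0 || path[0] != '/')
        return -EINVAL;
    if (len > EXAMPLE_PATH_MAX)
        return -E2BIG;              /* checked before any allocation */
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return -ENOMEM;
    memcpy(buf, path, len);
    buf[len] = '\0';
    int r = cb(buf, ud);                 /* full path first */
    while (r == 0 && buf[1] != '\0') {   /* then "/a/b", "/a", "/" */
        char *slash = strrchr(buf, '/'); /* never NULL: buf[0] is '/' */
        *(slash == buf ? buf + 1 : slash) = '\0';
        r = cb(buf, ud);
    }
    free(buf);
    return r;
}

/* Constructed callback for the demo: counts the prefixes it is given. */
static int count_cb(const char *prefix, void *ud)
{
    (void)prefix;
    return ++*(int *)ud, 0;
}

/* Returns the number of prefixes visited, or a negative errno value. */
int count_prefixes(const char *path, size_t len)
{
    int n = 0, r = walk_object_path(path, len, count_cb, &n);
    return r < 0 ? r : n;
}
```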
Affected products
SUSE Linux Enterprise Server 12 SP1-LTSS:libgudev-1_0-0-210-116.22.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libgudev-1_0-0-32bit-210-116.22.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libgudev-1_0-devel-210-116.22.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libudev-devel-210-116.22.1
References
- CVE-2019-6454
- SUSE Bug 1125352