Test Kennung:	1.3.6.1.4.1.25623.1.0.852518
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for systemd (openSUSE-SU-2019:1450-1)
Zusammenfassung:	The remote host is missing an update for the 'systemd'; package(s) announced via the openSUSE-SU-2019:1450-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'systemd' package(s) announced via the openSUSE-SU-2019:1450-1 advisory. Vulnerability Insight: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-1450=1 Affected Software/OS: 'systemd' package(s) on openSUSE Leap 42.3. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-6954 https://github.com/systemd/systemd/issues/7986 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E SuSE Security Announcement: openSUSE-SU-2019:1450 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://usn.ubuntu.com/3816-1/ https://usn.ubuntu.com/3816-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-3842 https://www.exploit-db.com/exploits/46743/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/ http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2019-6454 BugTraq ID: 107081 http://www.securityfocus.com/bid/107081 Debian Security Information: DSA-4393-1 (Google Search) https://www.debian.org/security/2019/dsa-4393 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/ https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html http://www.openwall.com/lists/oss-security/2019/02/18/3 http://www.openwall.com/lists/oss-security/2019/02/19/1 http://www.openwall.com/lists/oss-security/2021/07/20/2 RedHat Security Advisories: RHSA-2019:0368 https://access.redhat.com/errata/RHSA-2019:0368 RedHat Security Advisories: RHSA-2019:0990 https://access.redhat.com/errata/RHSA-2019:0990 RedHat Security Advisories: RHSA-2019:1322 https://access.redhat.com/errata/RHSA-2019:1322 RedHat Security Advisories: RHSA-2019:1502 https://access.redhat.com/errata/RHSA-2019:1502 RedHat Security Advisories: RHSA-2019:2805 https://access.redhat.com/errata/RHSA-2019:2805 SuSE Security Announcement: SUSE-SA:2019:0255-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html https://usn.ubuntu.com/3891-1/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.