Ubuntu update for systemd

Published: 2019-01-11 16:10:22
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-16864
CVE-2018-16865
CVE-2018-16866
CVSSv3 7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CWE ID CWE-119
CWE-125
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software systemd (Ubuntu package)
Vulnerable software versions systemd (Ubuntu package) 229-4ubuntu21.11
systemd (Ubuntu package) 239-7ubuntu10.5
systemd (Ubuntu package) 239-7ubuntu10.4

Show more

Vendor URL Canonical Ltd.

Security Advisory

1) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges to conduct further attacks.

Remediation

Update the affected packages.

Ubuntu 18.10
systemd - 239-7ubuntu10.6
Ubuntu 18.04 LTS
systemd - 237-3ubuntu10.11
Ubuntu 16.04 LTS
systemd - 229-4ubuntu21.15

External links

https://usn.ubuntu.com/3855-1/

2) Memory corruption

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges to conduct further attacks.

Remediation

Update the affected packages.

Ubuntu 18.10
systemd - 239-7ubuntu10.6
Ubuntu 18.04 LTS
systemd - 237-3ubuntu10.11
Ubuntu 16.04 LTS
systemd - 229-4ubuntu21.15

External links

https://usn.ubuntu.com/3855-1/

3) Out-of-bounds read

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when handling malicious input. A local attacker can run a specially crafted application and access memory processes data.

Remediation

Update the affected packages.

Ubuntu 18.10
systemd - 239-7ubuntu10.6
Ubuntu 18.04 LTS
systemd - 237-3ubuntu10.11
Ubuntu 16.04 LTS
systemd - 229-4ubuntu21.15

External links

https://usn.ubuntu.com/3855-1/

Back to List