Advisories » MGASA-2014-0188

Updated systemd packages fix a buffer overflow

Publication date: 23 Apr 2014
Modification date: 23 Apr 2014
Type: security
Affected Mageia releases : 3 , 4

Description

A stack-based buffer overflow was found in systemd-ask-password, a utility
used to query a system password or passphrase from the user, using a
question message specified on the command line. A local user could this
flaw to crash the binary or even execute arbitrary code with the
permissions of the user running the program.

The systemd packages shipped with Mageia 3 and 4 have been updated to
address this vulnerability.

Additionally, the Mageia 4 packages include various other general
stability and performance fixed deemed appropriate for the stable
updates.
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131370.html
• https://bugs.mageia.org/show_bug.cgi?id=13219

SRPMS

4/core

• systemd-208-10.5.mga4

3/core

• systemd-195-22.2.mga3