Advisories » MGASA-2020-0094

Updated systemd packages fix security vulnerabilities

Publication date: 21 Feb 2020
Modification date: 21 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20386 , CVE-2020-1712

Description

Updated systemd packages fix security vulnerabilities:

It was discovered that systemd incorrectly handled certain udevadm trigger
commands. A local attacker could possibly use this issue to cause systemd
to consume resources, leading to a denial of service (CVE-2019-20386).

Tavis Ormandy discovered that systemd incorrectly handled certain Polkit
queries. A local attacker could use this issue to cause systemd to crash,
resulting in a denial of service, or possibly execute arbitrary code and
escalate privileges (CVE-2020-1712).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25964
• https://usn.ubuntu.com/4269-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712

SRPMS

7/core

• systemd-241-8.5.mga7