Updated systemd packages fix security vulnerabilities
Publication date: 21 Feb 2020Modification date: 21 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20386 , CVE-2020-1712
Description
Updated systemd packages fix security vulnerabilities: It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service (CVE-2019-20386). Tavis Ormandy discovered that systemd incorrectly handled certain Polkit queries. A local attacker could use this issue to cause systemd to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges (CVE-2020-1712).
References
SRPMS
7/core
- systemd-241-8.5.mga7