Advisories ยป MGASA-2020-0094

Updated systemd packages fix security vulnerabilities

Publication date: 21 Feb 2020
Modification date: 21 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20386 , CVE-2020-1712

Description

Updated systemd packages fix security vulnerabilities:

It was discovered that systemd incorrectly handled certain udevadm trigger
commands. A local attacker could possibly use this issue to cause systemd
to consume resources, leading to a denial of service (CVE-2019-20386).

Tavis Ormandy discovered that systemd incorrectly handled certain Polkit
queries. A local attacker could use this issue to cause systemd to crash,
resulting in a denial of service, or possibly execute arbitrary code and
escalate privileges (CVE-2020-1712).
                

References

SRPMS

7/core