Advisories » MGASA-2021-0304

Updated systemd packages fix a security vulnerability

Publication date: 30 Jun 2021
Modification date: 30 Jun 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13776

Description

A flaw was found in systemd, where it mishandles numerical usernames beginning
with decimal digits, or "0x" followed by hexadecimal digits. When the usernames
are used by systemd, for example in service units, an unexpected user may be
used instead. In some particular configurations, this flaw allows local
attackers to elevate their privileges (CVE-2020-13776).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27043
• https://access.redhat.com/errata/RHSA-2021:1611
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776

SRPMS

7/core

• systemd-241-8.6.mga7