[ubuntu/bionic-updates] systemd 237-3ubuntu10.6 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 12 14:58:17 UTC 2018


systemd (237-3ubuntu10.6) bionic-security; urgency=medium

  * SECURITY UPDATE: reexec state injection
    - debian/patches/CVE-2018-15686.patch: when deserializing state always use
      read_line(…, LONG_LINE_MAX, …) rather than fgets()
    - CVE-2018-15686
  * SECURITY UPDATE: chown_one() can dereference symlinks
    - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
    - CVE-2018-15687
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
      recursively through directory trees
    - CVE-2018-6954

Date: 2018-11-08 12:16:13.385851+00:00
Changed-By: Chris Coulson <chrisccoulson at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.6
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list