[ubuntu/focal-proposed] systemd 244.1-0ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 5 19:09:15 UTC 2020 

systemd (244.1-0ubuntu3) focal; urgency=medium

  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
      src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712

Date: Wed, 05 Feb 2020 12:56:57 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/systemd/244.1-0ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Feb 2020 12:56:57 -0500
Source: systemd
Architecture: source
Version: 244.1-0ubuntu3
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 systemd (244.1-0ubuntu3) focal; urgency=medium
 .
   * SECURITY UPDATE: heap use-after-free with async polkit queries
     - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
       re-validate action/details in src/shared/bus-util.c.
     - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
       incoming messages in src/libsystemd/libsystemd.sym,
       src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
     - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
       re-resolve callback/userdata instead of caching it in
       src/shared/bus-util.c.
     - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
       src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
       src/systemd/sd-bus.h, src/shared/bus-util.c.
     - debian/libsystemd0.symbols: added new symbols.
     - CVE-2020-1712
Checksums-Sha1:
 e85d82c14ccc190f85311a1f93da0ce96220e215 5136 systemd_244.1-0ubuntu3.dsc
 7ed6e625e180d6d73db951c829261515f87b8aa8 189188 systemd_244.1-0ubuntu3.debian.tar.xz
 87f1a985c1cff4bb89bcf8513ea093e695bce2e4 10646 systemd_244.1-0ubuntu3_source.buildinfo
Checksums-Sha256:
 17ef573e1624f349f1799d98824853dd19a988ac52eec19bbf6667efd35c7513 5136 systemd_244.1-0ubuntu3.dsc
 5bd411ce3026016ca880c9ae6701b29df62a8a841ade6e1a2bb76f2230279515 189188 systemd_244.1-0ubuntu3.debian.tar.xz
 d6eb95a399a725707339ed580f4779a7d7f0056b522ad3685a07ef97ecfe0102 10646 systemd_244.1-0ubuntu3_source.buildinfo
Files:
 c66bb8a6eb2715f1c5aba2906ffdde28 5136 admin optional systemd_244.1-0ubuntu3.dsc
 8bc2dc27faf1d50bae1611a60b50708c 189188 admin optional systemd_244.1-0ubuntu3.debian.tar.xz
 1caf47a19b8dc0a6b24821b457e3bd38 10646 admin optional systemd_244.1-0ubuntu3_source.buildinfo
Original-Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl47EeUACgkQZWnYVadE
vpNrIBAAqqi6EWky/wB0iC2gln3jlRN/up2nhd2p5RBopOhWE237k2YYDhDOHnJb
kQm/MRK6ejiGnoNXJA0w3s52SGgylV/+E9+k6UVTQRyO22nVlAvyUODR/DcveASI
6ql8kB4nGwyev7rgfNg2KAHLKdvm59/w8XjASygHJEAxHEKiRIhCwQEQSgF0lNJf
8TYmTMrfPXN3PLYGZgvmql2U8tPGMI9gqgFY1L77pDjgAUKJj/bj7wcV5zfHMfWL
TkHfSwGIuGE2WUYd7BezZ2eppAue5236jHM+NW94pj7pT8xNwKyhFeVs8ToA8/Dh
mVmaj4unv+8+BV2waHIF/d6Pyj48gIxD1Uo6rtQzpSmdTf0kdgjSJibfdFb8Vl07
cwNQg9zm3Z1mGdM6CEq1Nq1fqi8c5Dkx2GIUhmzKGIsSbKewtiIcb8u9wXCCVOsu
+qMvIyD45G0JZ6R++hn04q0YCcxfzoX4juQ3ierXPTfHEv5+PhKJioGC08i5cnNA
dVrMopCcTbAZZe2IMagsw9LdYAl+dttoq8gAXq+76QuLZ2cAC1/nVZhQz3c+/jZu
KI5eYzEBHHsfk+fCauTC2r9WvhGpj1knAjefPpNorSSHZnPz1hkExQk7viWrHdoD
kUNMQt3y1spc3fCgP7Bg61SJEFrkRjOtcjuZt32qNRKBqSpXYb8=
=hoA3
-----END PGP SIGNATURE-----

More information about the Focal-changes mailing list