[ubuntu/questing-security] systemd 257.9-0ubuntu2.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Mar 23 20:02:48 UTC 2026
systemd (257.9-0ubuntu2.3) questing-security; urgency=medium
* SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd
- d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves
a leading slash in place
- d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag
- d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()
- d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently
* SECURITY UPDATE: Local root execution via malicious hardware devices
- d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch
- d/p/udev-fix-review-mixup.patch
- No CVE number
Date: 2026-03-16 12:41:10.311311+00:00
Changed-By: Nick Rosbrook <nick.rosbrook at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/systemd/257.9-0ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list