[ubuntu/xenial-security] systemd 229-4ubuntu21.27 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 5 16:29:51 UTC 2020 

systemd (229-4ubuntu21.27) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect PIDFile verification
    - debian/patches/CVE-2018-16888.patch: be stricter when handling PID
      files and MAINPID sd_notify() messages in man/systemd.service.xml,
      src/core/manager.c, src/core/service.c, src/core/unit.h,
      test/TEST-20-MAINPIDGAMES/Makefile,
      test/TEST-20-MAINPIDGAMES/test.sh,
      test/TEST-20-MAINPIDGAMES/testsuite.sh, test/test-functions.
    - debian/patches/CVE-2018-16888-2.patch: relax PID file symlink chain
      checks a bit in src/core/service.c.
    - CVE-2018-16888
  * SECURITY UPDATE: memory leak in button_open
    - debian/patches/CVE-2019-20386.patch: fix event in
      src/login/logind-button.c.
    - CVE-2019-20386
  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
      src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712

systemd (229-4ubuntu21.23) xenial; urgency=medium

  * d/p/core-use-an-AF_UNIX-SOCK_DGRAM-socket-for-cgroup-age.patch:
    - prevent logind from leaking session files (LP: #1846787)

systemd (229-4ubuntu21.22) xenial; urgency=medium

  [ Dan Streetman ]
  * d/t/systemd-fsckd, d/t/cmdline-upstart-boot:
    - skip on s390x; requires grub (LP: #1830477)
  * d/p/ask-password-prevent-buffer-overrow-when-reading-fro.patch:
    - prevent buffer overflow when reading keyring (LP: #1814373)

  [ Dimitri John Ledkov ]
  * Specify Ubuntu's Vcs-Git

  [ Balint Reczey ]
  * Append /snap/bin to default PATH.
    Snapd ships snapd-env-generator, but systemd does not not support
    environment generators. Hard-coding /snap/bin is less risky than
    backporting environment generator support and since snaps are considered
    to be first class packages on Ubuntu /snap/bin can safely added to
    the default PATH. (LP: #1771858)

  [ Ioanna Alifieraki ]
  * d/p/systemctl-Replace-check_one_unit-by-get_state_one_un.patch
    - Backport upstream PR#2768 needed for next patch
  * d/p/systemctl-load-unit-if-needed-in-systemctl-is-active.patch
    - Backport upstream PR#7997 to fix alias service reports inactive while
      aliased is active (LP: #1828892)

Date: 2020-02-05 13:46:02.736063+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.27
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list