[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1711-1] systemd security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : systemd
Version        : 215-17+deb8u11
CVE ID         : CVE-2019-3815
Debian Bug     : 924060

A memory leak was discovered in the backport of fixes for
CVE-2018-16864 in systemd-journald.

Function dispatch_message_real() in journald-server.c does not free
allocated memory to store the `_CMDLINE=` entry. A local attacker may
use this flaw to make systemd-journald crash.

Note that as the systemd-journald service is not restarted automatically
a restart of the service or more safely a reboot is advised.

For Debian 8 "Jessie", this problem has been fixed in version
215-17+deb8u11.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyI+3hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQBCBAAuRxc5S6w7gbiX2rWJVEALcDOR1o3tVzgJ2nWEoRhSVo7Ugnon8CWTMCs
aYzXrZL1lIxwTjTGx0LtjIj4C1A/47uK4jugHG/k9eosxlmHPkp5BcYJiHubpetv
poXPT0GjnvDv/ARynsrF9Rq7M3pkx9Kq55SiNqixol3M9sHHBvZiKIbseSo89KDo
Zk+V2bhlgs574BsG04cuTZQoia23fIlL//NslH9xA+t5fUH/bu38HVp6vRe3rMEg
zV1uV3XNKv0IFc7HeAbZM3okKSK6MKaITaprWzsOUPlTkcUqu45mlFyWCsXymTGv
4EXqcHOhg2Z20bSKQMhhN0g2T+Vqsecand3AXwHnhPaKTu5qFuEXujZf7cLD5BoU
qTI2lU2yr95K43ZIQ+kxWE+HkoxZgqVh7DSxR7lWAYHv/n8tGFCXVZ2oHynKNwi0
unNHUjsKbvfdym0uBR/o9SzYNXUfDZoAo7QDtecl1wBfAVjWMkrjO4xOfUmjdcj4
02CH5zoTOw1oOI/0SRkGwauXxfPPosi09rE6iL+pcdTu0LpmR4p+5VV5CNGOPE6f
V2bqJTRREye2BMV4lnq9QQlZ3MgaVRNZGvqH/ut2nGZKCvBpIOPqp1yWgfntcFrA
yjGP0raxkpBhg+6W2paw/x50vpSdQsBNjRtxXQmR0WabJVBUN0A=
=YPDI
-----END PGP SIGNATURE-----


Reply to: