Debian Security Advisory
DLA-1762-2 systemd -- LTS security update
- Date Reported:
- 26 Apr 2019
- Affected Packages:
- systemd
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
In the recently uploaded systemd security update (215-17+deb8u12 via DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.
The observation of Debian jessie LTS users was, that after upgrading to +deb8u12 temporary files would not have the correct ownerships and permissions anymore (instead of a file being owned by a specific user and/or group, files were being owned by root:root; setting POSIX file permissions (rwx, etc.) was also affected).
For Debian 8
Jessie
, this regression problem has been fixed in version 215-17+deb8u13.We recommend that you upgrade your systemd packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS