Debian Security Advisory

DLA-1762-2 systemd -- LTS security update

Date Reported:
26 Apr 2019
Affected Packages:
systemd
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

In the recently uploaded systemd security update (215-17+deb8u12 via DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.

The observation of Debian jessie LTS users was, that after upgrading to +deb8u12 temporary files would not have the correct ownerships and permissions anymore (instead of a file being owned by a specific user and/or group, files were being owned by root:root; setting POSIX file permissions (rwx, etc.) was also affected).

For Debian 8 Jessie, this regression problem has been fixed in version 215-17+deb8u13.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

For Debian 6 Squeeze, these issues have been fixed in systemd version 215-17+deb8u13