Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-1762-2 systemd

Debian Security Advisory

DLA-1762-2 systemd -- LTS security update

Date Reported:

26 Apr 2019

Affected Packages:

systemd

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

In the recently uploaded systemd security update (215-17+deb8u12 via DLA-1762-1), a regression was discovered in the fix for CVE-2017-18078.

The observation of Debian jessie LTS users was, that after upgrading to +deb8u12 temporary files would not have the correct ownerships and permissions anymore (instead of a file being owned by a specific user and/or group, files were being owned by root:root; setting POSIX file permissions (rwx, etc.) was also affected).

For Debian 8 Jessie, this regression problem has been fixed in version 215-17+deb8u13.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS