[SECURITY] [DLA 3063-1] systemd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3063-1] systemd security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 30 Jun 2022 16:41:03 +0200
Message-id: <[🔎] 20220630144100.GA31173@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3063-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
June 30, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : systemd
Version        : 232-25+deb9u14
CVE ID         : CVE-2020-1712
Debian Bug     : 950732

A heap use-after-free vulnerability was found in systemd, a system and
service manager, where asynchronous Polkit queries are performed while
handling dbus messages. A local unprivileged attacker can abuse this
flaw to crash systemd services or potentially execute code and elevate
their privileges, by sending specially crafted dbus messages.

For Debian 9 stretch, this problem has been fixed in version
232-25+deb9u14.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmK9tW0ACgkQDTl9HeUl
XjBGOQ/+IUSzlEFBjawWOlPFDwUKGUDvAe8hyXmPGqD8ygL5SY1tCNNeZHv1iKvA
ZkLm/L96WCWO4P78odo/8H+613QTb6pDQ5kwH3VnuudZcJhgH2/WDZsTLfqmHbGx
auSCkjdPnJsrijNnQQSziuQZBWl/tqRugDP3SzLHSKgIPPQFkVY0Q0CAMdxE/eu9
X3NpwpDWfeN8IVyuRl4Me0cg9x7pxkXUSAeQKusC4Qf8Y+TEQdRYHpV4uz8W+lvZ
TPCN+qZYRqA8eHfVwoHQZxBwKad6Q01/9z1IITCtjlqxvpzfkc9STzK3L8AtnpDw
PfkAKMALwIiVryH7H8zUpS/28NDSTCtFDDGHyldo9HyCFc5/xrc3gGFBDD9lPQUd
/ecgEB3tduTbsNiyJIzH2j4tj/dE2LzQY71rryfdyyV4XtsUc21dFAbu1f8zq5Mv
dKe8v7/fpfVSL8PJGJMjb/3hpdOHoxk+JTwh6eTEyhsm/Y5i/x/w6NdF1YkdTBaM
GN8cJnjrD617pJR5R/lHJNfQ81KF1bPBuZE78U2Ym/u+ortF/U5kZPrAOtshWQKJ
7FqNdx3NAbfMjkHYgmnvhQgRz2G59XX9V5EjfOXQFwuzzzQt5zK0umVDLpuTnl6K
RNDcy1hNiaGVr05lK9onbd7DHo5qqh9Xa/A7cZfKIFgUOIutKJ4=
=Lrgr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3062-1] ublock-origin security update
Next by Date: [SECURITY] [DLA 3064-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 3062-1] ublock-origin security update
Next by thread: [SECURITY] [DLA 3064-1] firefox-esr security update
Index(es):
- Date
- Thread