[SECURITY] [DLA 3063-1] systemd security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3063-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
June 30, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : systemd
Version : 232-25+deb9u14
CVE ID : CVE-2020-1712
Debian Bug : 950732
A heap use-after-free vulnerability was found in systemd, a system and
service manager, where asynchronous Polkit queries are performed while
handling dbus messages. A local unprivileged attacker can abuse this
flaw to crash systemd services or potentially execute code and elevate
their privileges, by sending specially crafted dbus messages.
For Debian 9 stretch, this problem has been fixed in version
232-25+deb9u14.
We recommend that you upgrade your systemd packages.
For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmK9tW0ACgkQDTl9HeUl
XjBGOQ/+IUSzlEFBjawWOlPFDwUKGUDvAe8hyXmPGqD8ygL5SY1tCNNeZHv1iKvA
ZkLm/L96WCWO4P78odo/8H+613QTb6pDQ5kwH3VnuudZcJhgH2/WDZsTLfqmHbGx
auSCkjdPnJsrijNnQQSziuQZBWl/tqRugDP3SzLHSKgIPPQFkVY0Q0CAMdxE/eu9
X3NpwpDWfeN8IVyuRl4Me0cg9x7pxkXUSAeQKusC4Qf8Y+TEQdRYHpV4uz8W+lvZ
TPCN+qZYRqA8eHfVwoHQZxBwKad6Q01/9z1IITCtjlqxvpzfkc9STzK3L8AtnpDw
PfkAKMALwIiVryH7H8zUpS/28NDSTCtFDDGHyldo9HyCFc5/xrc3gGFBDD9lPQUd
/ecgEB3tduTbsNiyJIzH2j4tj/dE2LzQY71rryfdyyV4XtsUc21dFAbu1f8zq5Mv
dKe8v7/fpfVSL8PJGJMjb/3hpdOHoxk+JTwh6eTEyhsm/Y5i/x/w6NdF1YkdTBaM
GN8cJnjrD617pJR5R/lHJNfQ81KF1bPBuZE78U2Ym/u+ortF/U5kZPrAOtshWQKJ
7FqNdx3NAbfMjkHYgmnvhQgRz2G59XX9V5EjfOXQFwuzzzQt5zK0umVDLpuTnl6K
RNDcy1hNiaGVr05lK9onbd7DHo5qqh9Xa/A7cZfKIFgUOIutKJ4=
=Lrgr
-----END PGP SIGNATURE-----
Reply to: