An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1538 Final 1.0 1.0 2022-02-26 Initial 2022-02-26 2022-02-26 openEuler SA Tool V1.0 2022-02-26 systemd security update An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fix(es): systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.(CVE-2020-13776) An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium systemd https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1538 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-13776 https://nvd.nist.gov/vuln/detail/CVE-2020-13776 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 systemd-container-243-50.oe1.aarch64.rpm systemd-devel-243-50.oe1.aarch64.rpm systemd-journal-remote-243-50.oe1.aarch64.rpm systemd-243-50.oe1.aarch64.rpm systemd-libs-243-50.oe1.aarch64.rpm systemd-udev-compat-243-50.oe1.aarch64.rpm systemd-debugsource-243-50.oe1.aarch64.rpm systemd-debuginfo-243-50.oe1.aarch64.rpm systemd-udev-243-50.oe1.aarch64.rpm systemd-debuginfo-243-51.oe1.aarch64.rpm systemd-journal-remote-243-51.oe1.aarch64.rpm systemd-udev-243-51.oe1.aarch64.rpm systemd-udev-compat-243-51.oe1.aarch64.rpm systemd-libs-243-51.oe1.aarch64.rpm systemd-debugsource-243-51.oe1.aarch64.rpm systemd-devel-243-51.oe1.aarch64.rpm systemd-container-243-51.oe1.aarch64.rpm systemd-243-51.oe1.aarch64.rpm systemd-container-243-54.oe1.aarch64.rpm systemd-debugsource-243-54.oe1.aarch64.rpm systemd-devel-243-54.oe1.aarch64.rpm systemd-libs-243-54.oe1.aarch64.rpm systemd-udev-243-54.oe1.aarch64.rpm systemd-udev-compat-243-54.oe1.aarch64.rpm systemd-243-54.oe1.aarch64.rpm systemd-journal-remote-243-54.oe1.aarch64.rpm systemd-debuginfo-243-54.oe1.aarch64.rpm systemd-help-243-50.oe1.noarch.rpm systemd-help-243-51.oe1.noarch.rpm systemd-help-243-54.oe1.noarch.rpm systemd-243-50.oe1.src.rpm systemd-243-51.oe1.src.rpm systemd-243-54.oe1.src.rpm systemd-243-50.oe1.x86_64.rpm systemd-udev-compat-243-50.oe1.x86_64.rpm systemd-container-243-50.oe1.x86_64.rpm systemd-debugsource-243-50.oe1.x86_64.rpm systemd-journal-remote-243-50.oe1.x86_64.rpm systemd-devel-243-50.oe1.x86_64.rpm systemd-udev-243-50.oe1.x86_64.rpm systemd-debuginfo-243-50.oe1.x86_64.rpm systemd-libs-243-50.oe1.x86_64.rpm systemd-debuginfo-243-51.oe1.x86_64.rpm systemd-libs-243-51.oe1.x86_64.rpm systemd-container-243-51.oe1.x86_64.rpm systemd-journal-remote-243-51.oe1.x86_64.rpm systemd-udev-243-51.oe1.x86_64.rpm systemd-debugsource-243-51.oe1.x86_64.rpm systemd-243-51.oe1.x86_64.rpm systemd-devel-243-51.oe1.x86_64.rpm systemd-udev-compat-243-51.oe1.x86_64.rpm systemd-udev-243-54.oe1.x86_64.rpm systemd-libs-243-54.oe1.x86_64.rpm systemd-debuginfo-243-54.oe1.x86_64.rpm systemd-243-54.oe1.x86_64.rpm systemd-devel-243-54.oe1.x86_64.rpm systemd-debugsource-243-54.oe1.x86_64.rpm systemd-journal-remote-243-54.oe1.x86_64.rpm systemd-udev-compat-243-54.oe1.x86_64.rpm systemd-container-243-54.oe1.x86_64.rpm systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. 2022-02-26 CVE-2020-13776 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 Medium 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H systemd security update 2022-02-26 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1538