An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1538
Final
1.0
1.0
2022-02-26
Initial
2022-02-26
2022-02-26
openEuler SA Tool V1.0
2022-02-26
systemd security update
An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
systemd is a system and service manager that runs as PID 1 and starts the rest of the system.
Security Fix(es):
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.(CVE-2020-13776)
An update for systemd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
systemd
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1538
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-13776
https://nvd.nist.gov/vuln/detail/CVE-2020-13776
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
systemd-container-243-50.oe1.aarch64.rpm
systemd-devel-243-50.oe1.aarch64.rpm
systemd-journal-remote-243-50.oe1.aarch64.rpm
systemd-243-50.oe1.aarch64.rpm
systemd-libs-243-50.oe1.aarch64.rpm
systemd-udev-compat-243-50.oe1.aarch64.rpm
systemd-debugsource-243-50.oe1.aarch64.rpm
systemd-debuginfo-243-50.oe1.aarch64.rpm
systemd-udev-243-50.oe1.aarch64.rpm
systemd-debuginfo-243-51.oe1.aarch64.rpm
systemd-journal-remote-243-51.oe1.aarch64.rpm
systemd-udev-243-51.oe1.aarch64.rpm
systemd-udev-compat-243-51.oe1.aarch64.rpm
systemd-libs-243-51.oe1.aarch64.rpm
systemd-debugsource-243-51.oe1.aarch64.rpm
systemd-devel-243-51.oe1.aarch64.rpm
systemd-container-243-51.oe1.aarch64.rpm
systemd-243-51.oe1.aarch64.rpm
systemd-container-243-54.oe1.aarch64.rpm
systemd-debugsource-243-54.oe1.aarch64.rpm
systemd-devel-243-54.oe1.aarch64.rpm
systemd-libs-243-54.oe1.aarch64.rpm
systemd-udev-243-54.oe1.aarch64.rpm
systemd-udev-compat-243-54.oe1.aarch64.rpm
systemd-243-54.oe1.aarch64.rpm
systemd-journal-remote-243-54.oe1.aarch64.rpm
systemd-debuginfo-243-54.oe1.aarch64.rpm
systemd-help-243-50.oe1.noarch.rpm
systemd-help-243-51.oe1.noarch.rpm
systemd-help-243-54.oe1.noarch.rpm
systemd-243-50.oe1.src.rpm
systemd-243-51.oe1.src.rpm
systemd-243-54.oe1.src.rpm
systemd-243-50.oe1.x86_64.rpm
systemd-udev-compat-243-50.oe1.x86_64.rpm
systemd-container-243-50.oe1.x86_64.rpm
systemd-debugsource-243-50.oe1.x86_64.rpm
systemd-journal-remote-243-50.oe1.x86_64.rpm
systemd-devel-243-50.oe1.x86_64.rpm
systemd-udev-243-50.oe1.x86_64.rpm
systemd-debuginfo-243-50.oe1.x86_64.rpm
systemd-libs-243-50.oe1.x86_64.rpm
systemd-debuginfo-243-51.oe1.x86_64.rpm
systemd-libs-243-51.oe1.x86_64.rpm
systemd-container-243-51.oe1.x86_64.rpm
systemd-journal-remote-243-51.oe1.x86_64.rpm
systemd-udev-243-51.oe1.x86_64.rpm
systemd-debugsource-243-51.oe1.x86_64.rpm
systemd-243-51.oe1.x86_64.rpm
systemd-devel-243-51.oe1.x86_64.rpm
systemd-udev-compat-243-51.oe1.x86_64.rpm
systemd-udev-243-54.oe1.x86_64.rpm
systemd-libs-243-54.oe1.x86_64.rpm
systemd-debuginfo-243-54.oe1.x86_64.rpm
systemd-243-54.oe1.x86_64.rpm
systemd-devel-243-54.oe1.x86_64.rpm
systemd-debugsource-243-54.oe1.x86_64.rpm
systemd-journal-remote-243-54.oe1.x86_64.rpm
systemd-udev-compat-243-54.oe1.x86_64.rpm
systemd-container-243-54.oe1.x86_64.rpm
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
2022-02-26
CVE-2020-13776
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.7
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
systemd security update
2022-02-26
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1538