cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1167.xml
Jia Chao 0b34274085 git mv
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00


<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for systemd is now available for openEuler-20.03-LTS-SP3</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1167</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-03-17</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-03-17</InitialReleaseDate>
<CurrentReleaseDate>2023-03-17</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-03-17</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">systemd security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for systemd is now available for openEuler-20.03-LTS-SP3.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">systemd is a system and service manager that runs as PID 1 and starts the rest of the system.
Security Fix(es):
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the &quot;systemctl status&quot; command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.(CVE-2023-26604)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for systemd is now available for openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">systemd</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1167</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-26604</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-26604</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="systemd-debugsource-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-debugsource-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-devel-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-devel-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-libs-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-libs-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-udev-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-udev-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-journal-remote-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-journal-remote-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-udev-compat-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-udev-compat-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-container-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-container-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-debuginfo-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-debuginfo-243-60.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="systemd-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-243-60.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="systemd-help-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-help-243-60.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="systemd-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-243-60.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="systemd-debugsource-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-debugsource-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-libs-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-libs-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-container-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-container-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-udev-compat-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-udev-compat-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-journal-remote-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-journal-remote-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-udev-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-udev-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-devel-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-devel-243-60.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="systemd-debuginfo-243-60" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">systemd-debuginfo-243-60.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the systemctl status command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.</Note>
</Notes>
<ReleaseDate>2023-03-17</ReleaseDate>
<CVE>CVE-2023-26604</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>systemd security update</Description>
<DATE>2023-03-17</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1167</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>