Package "libnss-mymachines"

Name: libnss-mymachines


nss module to resolve hostnames for local container instances

Latest version: 237-3ubuntu10.56
Release: bionic (18.04)
Level: security
Repository: universe
Head package: systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd


Download "libnss-mymachines"

Other versions of "libnss-mymachines" in Bionic

Repository Area Version
base universe 237-3ubuntu10
updates universe 237-3ubuntu10.56


Version: 237-3ubuntu10.56 2022-09-13 19:07:10 UTC

  systemd (237-3ubuntu10.56) bionic-security; urgency=medium

  * debian/udev.preinst:
    Add check_ID_NET_DRIVER() to ensure that on upgrade or install
    from an earlier version ID_NET_DRIVER is present on network
    interfaces. (LP: #1988119)

 -- Matthew Ruffell <email address hidden> Tue, 06 Sep 2022 15:18:05 +1200

Source diff to previous version
1988119 systemd-udevd: Run net_setup_link on 'change' uevents to prevent DNS outages on Azure

Version: 237-3ubuntu10.54 2022-08-29 11:06:20 UTC

  systemd (237-3ubuntu10.54) bionic-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability in systemd.
    - debian/patches/CVE-2022-2526.patch: pin stream while calling callbacks
      for it in src/resolve/resolved-dns-stream.c
    - CVE-2022-2526

 -- Nishit Majithia <email address hidden> Mon, 29 Aug 2022 10:28:49 +0530

Source diff to previous version
CVE-2022-2526 use-after-free when dealing with DnsStream in resolved-dns-stream.c

Version: 237-3ubuntu10.50 2021-07-22 02:06:23 UTC

  systemd (237-3ubuntu10.50) bionic-security; urgency=medium

  * d/p/lp1937117-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch:
    Revert patch due to users expecting previous buggy behavior
    (LP: #1937117)

 -- Dan Streetman <email address hidden> Wed, 21 Jul 2021 14:51:38 -0400

Source diff to previous version
1937117 misconfigured networkd may break after networkd restart

Version: 237-3ubuntu10.49 2021-07-20 17:06:29 UTC

  systemd (237-3ubuntu10.49) bionic-security; urgency=medium

    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <email address hidden> Fri, 09 Jul 2021 11:12:13 -0400

Source diff to previous version
CVE-2020-13529 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP

Version: 237-3ubuntu10.38 2020-02-05 17:07:11 UTC

  systemd (237-3ubuntu10.38) bionic-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via DynamicUser
    - debian/patches/CVE-2019-384x-1.patch: introduce
      seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
      in src/shared/seccomp-util.c, src/shared/seccomp-util.h.
    - debian/patches/CVE-2019-384x-2.patch: add test case for
      restrict_suid_sgid() in src/test/test-seccomp.c.
    - debian/patches/CVE-2019-384x-3.patch: expose SUID/SGID restriction as
      new unit setting RestrictSUIDSGID= in src/core/dbus-execute.c,
      src/core/execute.c, src/core/execute.h,
      src/core/load-fragment-gperf.gperf.m4, src/shared/bus-unit-util.c.
    - debian/patches/CVE-2019-384x-4.patch: document the new
      RestrictSUIDSGID= setting in man/systemd.exec.xml.
    - debian/patches/CVE-2019-384x-5.patch: turn on RestrictSUIDSGID= in
      most of our long-running daemons in units/systemd-*.service.in.
    - debian/patches/CVE-2019-384x-6.patch: imply NNP and SUID/SGID
      restriction for DynamicUser=yes service in man/systemd.exec.xml,
    - debian/patches/CVE-2019-384x-7.patch: fix compilation on arm64 in
    - CVE-2019-3843
    - CVE-2019-3844
  * SECURITY UPDATE: memory leak in button_open
    - debian/patches/CVE-2019-20386.patch: fix event in
    - CVE-2019-20386
  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712
  * This package does _not_ contain the changes from 237-3ubuntu10.34 in

 -- Marc Deslauriers <email address hidden> Tue, 04 Feb 2020 20:07:56 -0500

CVE-2019-3843 It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient s
CVE-2019-3844 It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would al
CVE-2019-20386 An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may
CVE-2020-1712 heap use-after-free vulnerability

About   -   Send Feedback to @ubuntu_updates