UbuntuUpdates.org

Package "systemd-container"

Name: systemd-container

Description: systemd container/nspawn tools

Latest version: 245.4-4ubuntu3.20
Release: focal (20.04)
Level: security
Repository: main
Head package: systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd

Other versions of "systemd-container" in Focal

Repository Area Version
base main 245.4-4ubuntu3
updates main 245.4-4ubuntu3.23

Changelog

Version: 245.4-4ubuntu3.20 2023-03-07 19:07:04 UTC

  systemd (245.4-4ubuntu3.20) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overrun vulnerability in format_timespan()
    - debian/patches/CVE-2022-3821.patch: time-util: fix buffer-over-run
    - CVE-2022-3821
  * SECURITY UPDATE: information leak vulnerability in systemd-coredump
    - debian/patches/CVE-2022-4415.patch: do not allow user to access
      coredumps with changed uid/gid/capabilities
    - CVE-2022-4415

 -- Nishit Majithia <email address hidden> Thu, 02 Mar 2023 18:28:02 +0530

CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time a
CVE-2022-4415 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpab

Version: 245.4-4ubuntu3.15 2022-01-13 01:06:25 UTC

  systemd (245.4-4ubuntu3.15) focal-security; urgency=medium

  * SECURITY UPDATE: systemd-tmpfiles could be made to crash.
    - d/p/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch:
      Backport upstream patch from PR#20173
    - d/p/rm-rf-optionally-fsync-after-removing-directory-tree.patch:
      Backport upstream patch required for CVE-2021-3997 patches
    - d/p/CVE-2021-3997-1.patch: Backport upstream patch to refactor
      rm_rf_children_inner()
    - d/p/CVE-2021-3997-2.patch: Backport upstream patch to refactor
      rm_rf()
    - d/p/CVE-2021-3997-3.patch: Backport upstream patch to loop over
      nested directories instead of using recursion
    - CVE-2021-3997

 -- Alex Murray <email address hidden> Mon, 10 Jan 2022 15:26:38 +1030

CVE-2021-3997 Uncontrolled recursion in systemd's systemd-tmpfiles

Version: 245.4-4ubuntu3.11 2021-07-22 02:06:27 UTC

  systemd (245.4-4ubuntu3.11) focal-security; urgency=medium

  * d/p/lp1937117/0001-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch,
    d/p/lp1937117/0002-avoid-changing-interface-master-if-interface-already-up.patch:
    - Don't change interface master if interface is already up,
      due to users expecting previous buggy behavior (LP: #1937117)

 -- Dan Streetman <email address hidden> Wed, 21 Jul 2021 15:00:21 -0400

1937117 misconfigured networkd may break after networkd restart

Version: 245.4-4ubuntu3.10 2021-07-20 17:06:33 UTC

  systemd (245.4-4ubuntu3.10) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via DHCP FORCERENEW
    - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
      command in src/libsystemd-network/sd-dhcp-client.c.
    - CVE-2020-13529
  * SECURITY UPDATE: denial of service via stack exhaustion
    - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
      in src/basic/unit-name.c.
    - CVE-2021-33910

 -- Marc Deslauriers <email address hidden> Tue, 20 Jul 2021 07:39:51 -0400

CVE-2020-13529 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP


