Manjaro – [Stable Update] 2019-01-19 – Security update to Systemd v239 series

Another Stable Manjaro update. Which includes pwoss.xyz.

 

Hi community,

Welcome to our third stable update of 2019. So what do we have with this one?

We addressed the following security issues within systemd v239 series:

  • CVE-2018-15686 1: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
  • CVE-2018-15687 1: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files.
  • CVE-2018-6954_2: systemd-tmpfiles in systemd through 239 mishandles symlinks present in non-terminal path components.
  • CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog.
  • CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket.
  • CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’.

This is also addressed with v239.6-4 in our testing branch and with v240.275-1 in our unstable branch.

We hope with all these changes Manjaro to be more efficient for you all.

 

More at – forum.manjaro.org