MGASA-2021-0304

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0304.html

Import Source

https://advisories.mageia.org/MGASA-2021-0304.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0304

Related

CVE-2020-13776

Published

2021-06-30T23:58:41Z

Modified

2021-06-30T22:39:00Z

Summary

Updated systemd packages fix a security vulnerability

Details

A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges (CVE-2020-13776).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / systemd

Package

Name: systemd
Purl: pkg:rpm/mageia/systemd?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

241-8.6.mga7

Ecosystem specific

{
    "section": "core"
}