MGASA-2021-0365

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0365.html

Import Source

https://advisories.mageia.org/MGASA-2021-0365.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0365

Related

Published

2021-07-22T07:08:00Z

Modified

2022-02-17T18:21:47Z

Summary

Updated systemd packages fix security vulnerabilities

Details

This systemd update provides the v246.15 maintenance release and fixes at least the following security issues:

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server (CVE-2020-13529).

basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash (CVE-2021-29270).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / systemd

Package

Name: systemd
Purl: pkg:rpm/mageia/systemd?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

246.15-1.mga8

Ecosystem specific

{
    "section": "core"
}