systemd 237-3ubuntu10.38 source package in Ubuntu

Changelog

systemd (237-3ubuntu10.38) bionic-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation via DynamicUser
    - debian/patches/CVE-2019-384x-1.patch: introduce
      seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
      in src/shared/seccomp-util.c, src/shared/seccomp-util.h.
    - debian/patches/CVE-2019-384x-2.patch: add test case for
      restrict_suid_sgid() in src/test/test-seccomp.c.
    - debian/patches/CVE-2019-384x-3.patch: expose SUID/SGID restriction as
      new unit setting RestrictSUIDSGID= in src/core/dbus-execute.c,
      src/core/execute.c, src/core/execute.h,
      src/core/load-fragment-gperf.gperf.m4, src/shared/bus-unit-util.c.
    - debian/patches/CVE-2019-384x-4.patch: document the new
      RestrictSUIDSGID= setting in man/systemd.exec.xml.
    - debian/patches/CVE-2019-384x-5.patch: turn on RestrictSUIDSGID= in
      most of our long-running daemons in units/systemd-*.service.in.
    - debian/patches/CVE-2019-384x-6.patch: imply NNP and SUID/SGID
      restriction for DynamicUser=yes service in man/systemd.exec.xml,
      src/core/unit.c.
    - debian/patches/CVE-2019-384x-7.patch: fix compilation on arm64 in
      src/test/test-seccomp.c.
    - CVE-2019-3843
    - CVE-2019-3844
  * SECURITY UPDATE: memory leak in button_open
    - debian/patches/CVE-2019-20386.patch: fix event in
      src/login/logind-button.c.
    - CVE-2019-20386
  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
      src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712
  * This package does _not_ contain the changes from 237-3ubuntu10.34 in
    bionic-proposed.

 -- Marc Deslauriers <email address hidden>  Tue, 04 Feb 2020 20:07:56 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: linux-any
Section: admin
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
systemd_237.orig.tar.gz 6.6 MiB c83dabbe1c9de6b9db1dafdb7e04140c7d0535705c68842f6c0768653ba4913c
systemd_237-3ubuntu10.38.debian.tar.xz 240.6 KiB 98e67dd78e24bbf083d9d2455bbb2e45e562c8e08bc282fbb76cd5c3e818fda9
systemd_237-3ubuntu10.38.dsc 5.0 KiB d3d5c3b8dc6c84657308afa434b2bafd081adf7ec91c94f5c075d85edfe9e7c5


Binary packages built by this source

libnss-myhostname: nss module providing fallback resolution for the current hostname

 This package contains a plugin for the Name Service Switch, providing host
 name resolution for the locally configured system hostname as returned by
 gethostname(2). It returns all locally configured public IP addresses or, if
 none are configured, the IPv4 address 127.0.1.1 (which is on the local
 loopback) and the IPv6 address ::1 (which is the local host).
 .
 A lot of software relies on the local host name being resolvable. This
 package provides an alternative to the fragile and error-prone manual editing
 of /etc/hosts.
 .
 Installing this package automatically adds myhostname to /etc/nsswitch.conf.

libnss-myhostname-dbgsym: debug symbols for libnss-myhostname
libnss-mymachines: nss module to resolve hostnames for local container instances

 nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality
 of the GNU C Library (glibc) providing hostname resolution for local containers
 that are registered with systemd-machined.service(8). The container names are
 resolved to IP addresses of the specific container, ordered by their scope.
 .
 Installing this package automatically adds mymachines to /etc/nsswitch.conf.

libnss-mymachines-dbgsym: debug symbols for libnss-mymachines
libnss-resolve: nss module to resolve names via systemd-resolved

 nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality
 of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via
 the systemd-resolved daemon (provided in the systemd package).
 .
 Installing this package automatically adds resolve to /etc/nsswitch.conf.

libnss-resolve-dbgsym: debug symbols for libnss-resolve
libnss-systemd: nss module providing dynamic user and group name resolution

 nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
 functionality of the GNU C Library (glibc), providing UNIX user and group name
 resolution for dynamic users and groups allocated through the DynamicUser=
 option in systemd unit files. See systemd.exec(5) for details on this
 option.
 .
 Installing this package automatically adds the module to /etc/nsswitch.conf.

libnss-systemd-dbgsym: debug symbols for libnss-systemd
libpam-systemd: system and service manager - PAM module

 This package contains the PAM module which registers user sessions in
 the systemd control group hierarchy for logind.
 .
 If in doubt, do install this package.
 .
 Packages that depend on logind functionality need to depend on libpam-systemd.

libpam-systemd-dbgsym: debug symbols for libpam-systemd
libsystemd-dev: systemd utility library - development files

 The libsystemd0 library provides interfaces to various systemd components.
 .
 This package contains the development files.

libsystemd0: systemd utility library

 The libsystemd0 library provides interfaces to various systemd components.

libsystemd0-dbgsym: debug symbols for libsystemd0
libudev-dev: libudev development files

 This package contains the files needed for developing applications that
 use libudev.

libudev1: libudev shared library

 This library provides access to udev device information.

libudev1-dbgsym: debug symbols for libudev1
libudev1-udeb: libudev shared library

 This library provides access to udev device information.
 .
 This is a minimal version, only for use in the installation system.

systemd: system and service manager

 systemd is a system and service manager for Linux. It provides aggressive
 parallelization capabilities, uses socket and D-Bus activation for starting
 services, offers on-demand starting of daemons, keeps track of processes using
 Linux control groups, maintains mount and automount points and implements an
 elaborate transactional dependency-based service control logic.
 .
 systemd is compatible with SysV and LSB init scripts and can work as a
 drop-in replacement for sysvinit.
 .
 Installing the systemd package will not switch your init system unless you
 boot with init=/bin/systemd or install systemd-sysv in addition.

systemd-container: systemd container/nspawn tools

 This package provides systemd's tools for nspawn and container/VM management:
  * systemd-nspawn
  * systemd-machined and machinectl
  * systemd-importd

systemd-container-dbgsym: debug symbols for systemd-container
systemd-coredump: tools for storing and retrieving coredumps

 This package provides systemd tools for storing and retrieving coredumps:
  * systemd-coredump
  * coredumpctl

systemd-coredump-dbgsym: debug symbols for systemd-coredump
systemd-dbgsym: debug symbols for systemd
systemd-journal-remote: tools for sending and receiving remote journal logs

 This package provides tools for sending and receiving remote journal logs:
  * systemd-journal-remote
  * systemd-journal-upload
  * systemd-journal-gatewayd

systemd-journal-remote-dbgsym: debug symbols for systemd-journal-remote
systemd-sysv: system and service manager - SysV links

 systemd is a system and service manager for Linux. It provides aggressive
 parallelization capabilities, uses socket and D-Bus activation for starting
 services, offers on-demand starting of daemons, keeps track of processes using
 Linux control groups, maintains mount and automount points and implements an
 elaborate transactional dependency-based service control logic.
 .
 systemd is compatible with SysV and LSB init scripts and can work as a
 drop-in replacement for sysvinit.
 .
 This package provides the manual pages and links needed for systemd
 to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a
 link to systemd.

systemd-tests: tests for systemd

 This package contains the test binaries. Those binaries are primarily used
 for autopkgtest and not meant to be installed on regular user systems.

systemd-tests-dbgsym: debug symbols for systemd-tests
udev: /dev/ and hotplug management daemon

 udev is a daemon which dynamically creates and removes device nodes from
 /dev/, handles hotplug events and loads drivers at boot time.

udev-dbgsym: debug symbols for udev
udev-udeb: /dev/ and hotplug management daemon

 udev is a daemon which dynamically creates and removes device nodes from
 /dev/, handles hotplug events and loads drivers at boot time.
 .
 This is a minimal version, only for use in the installation system.