Lucene search

Gentoo FoundationMGASA-2018-0094

HistoryJan 25, 2018 - 1:37 a.m.

Updated systemd packages fix security vulnerability

2018-01-2501:37:59

Gentoo Foundation

advisories.mageia.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

83.1%

JSON

In systemd prior to 234 a race exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race like this may lead to denial of service, until mount points are unmounted (CVE-2018-1049).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchsystemd< 230-12.3systemd-230-12.3.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	systemd	< 230-12.3	systemd-230-12.3.mga6

References

openwall.com/lists/oss-security/2018/01/19/8

bugs.mageia.org/show_bug.cgi?id=22430

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for MGASA-2018-0094