QID 239327
Date Published: 2021-05-20
QID 239327: Red Hat Update for systemd (RHSA-2021:1611)
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es): systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842) systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Refer to Red Hat security advisory RHSA-2021:1611 to address this issue and obtain more information.
- RHSA-2021:1611 -
access.redhat.com/errata/RHSA-2021:1611?language=en
CVEs related to QID 239327
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:1611 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:1611?language=en |