Source: systemd Version: 241-3 Severity: important Tags: security upstream Forwarded: https://github.com/systemd/systemd/pull/12378
Hi, The following vulnerability was published for systemd. CVE-2018-20839[0]: | systemd 242 changes the VT1 mode upon a logout, which allows attackers | to read cleartext passwords in certain circumstances, such as watching | a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because | the KDGKBMODE (aka current keyboard mode) check is mishandled. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20839 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839 [1] https://github.com/systemd/systemd/pull/12378 [2] https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f [3] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993 Please adjust the affected versions in the BTS as needed. Regards, Salvatore