========================================================================== Ubuntu Security Notice USN-3938-1 April 08, 2019
systemd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: The systemd PAM module could be used to gain additional PolicyKit privileges. Software Description: - systemd: system and service manager Details: Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libpam-systemd 239-7ubuntu10.12 Ubuntu 18.04 LTS: libpam-systemd 237-3ubuntu10.19 Ubuntu 16.04 LTS: libpam-systemd 229-4ubuntu21.21 Ubuntu 14.04 LTS: libpam-systemd 204-5ubuntu20.31 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3938-1 CVE-2019-3842 Package Information: https://launchpad.net/ubuntu/+source/systemd/239-7ubuntu10.12 https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.19 https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.21 https://launchpad.net/ubuntu/+source/systemd/204-5ubuntu20.31
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
