A systemd security, bug fix, and enhancement update has been released for AlmaLinux.

ALSA-2021:1611 Moderate: systemd security, bug fix, and enhancement update

Type:
security

Severity:
moderate

Release date:
2021-05-18

Description
Security Fix(es):
* systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
* systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
CVE-2019-3842
CVE-2020-13776

Updates packages:
systemd-239-45.el8.i686.rpm
systemd-239-45.el8.x86_64.rpm
systemd-container-239-45.el8.i686.rpm
systemd-container-239-45.el8.x86_64.rpm
systemd-devel-239-45.el8.i686.rpm
systemd-devel-239-45.el8.x86_64.rpm
systemd-journal-remote-239-45.el8.x86_64.rpm
systemd-libs-239-45.el8.i686.rpm
systemd-libs-239-45.el8.x86_64.rpm
systemd-pam-239-45.el8.x86_64.rpm
systemd-tests-239-45.el8.x86_64.rpm
systemd-udev-239-45.el8.x86_64.rpm

Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2021:1611 Moderate: systemd security, bug fix, and enhancement update