ID

VAR-202003-1125

CVE

CVE-2020-1712

TITLE

Systemd Resource Management Error Vulnerability

DESCRIPTION

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. systemd Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Systemd is a Linux-based system and service manager for German Lennart Poettering software developers. This product is compatible with SysV and LSB startup scripts, and provides a framework for expressing dependencies between system services. Systemd has a resource management error vulnerability, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time. (CVE-2018-16888). Bug Fix(es): * systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: systemd security update Advisory ID: RHSA-2020:0564-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0564 Issue date: 2020-02-20 CVE Names: CVE-2020-1712 ==================================================================== 1. Summary: An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: systemd-239-13.el8_0.7.src.rpm aarch64: systemd-239-13.el8_0.7.aarch64.rpm systemd-container-239-13.el8_0.7.aarch64.rpm systemd-container-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debugsource-239-13.el8_0.7.aarch64.rpm systemd-devel-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-libs-239-13.el8_0.7.aarch64.rpm systemd-libs-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-pam-239-13.el8_0.7.aarch64.rpm systemd-pam-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-tests-239-13.el8_0.7.aarch64.rpm systemd-tests-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-udev-239-13.el8_0.7.aarch64.rpm systemd-udev-debuginfo-239-13.el8_0.7.aarch64.rpm ppc64le: systemd-239-13.el8_0.7.ppc64le.rpm systemd-container-239-13.el8_0.7.ppc64le.rpm systemd-container-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debugsource-239-13.el8_0.7.ppc64le.rpm systemd-devel-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-libs-239-13.el8_0.7.ppc64le.rpm systemd-libs-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-pam-239-13.el8_0.7.ppc64le.rpm systemd-pam-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-tests-239-13.el8_0.7.ppc64le.rpm systemd-tests-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-udev-239-13.el8_0.7.ppc64le.rpm systemd-udev-debuginfo-239-13.el8_0.7.ppc64le.rpm s390x: systemd-239-13.el8_0.7.s390x.rpm systemd-container-239-13.el8_0.7.s390x.rpm systemd-container-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debugsource-239-13.el8_0.7.s390x.rpm systemd-devel-239-13.el8_0.7.s390x.rpm systemd-journal-remote-239-13.el8_0.7.s390x.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.s390x.rpm systemd-libs-239-13.el8_0.7.s390x.rpm systemd-libs-debuginfo-239-13.el8_0.7.s390x.rpm systemd-pam-239-13.el8_0.7.s390x.rpm systemd-pam-debuginfo-239-13.el8_0.7.s390x.rpm systemd-tests-239-13.el8_0.7.s390x.rpm systemd-tests-debuginfo-239-13.el8_0.7.s390x.rpm systemd-udev-239-13.el8_0.7.s390x.rpm systemd-udev-debuginfo-239-13.el8_0.7.s390x.rpm x86_64: systemd-239-13.el8_0.7.i686.rpm systemd-239-13.el8_0.7.x86_64.rpm systemd-container-239-13.el8_0.7.i686.rpm systemd-container-239-13.el8_0.7.x86_64.rpm systemd-container-debuginfo-239-13.el8_0.7.i686.rpm systemd-container-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debuginfo-239-13.el8_0.7.i686.rpm systemd-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debugsource-239-13.el8_0.7.i686.rpm systemd-debugsource-239-13.el8_0.7.x86_64.rpm systemd-devel-239-13.el8_0.7.i686.rpm systemd-devel-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.i686.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-libs-239-13.el8_0.7.i686.rpm systemd-libs-239-13.el8_0.7.x86_64.rpm systemd-libs-debuginfo-239-13.el8_0.7.i686.rpm systemd-libs-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-pam-239-13.el8_0.7.x86_64.rpm systemd-pam-debuginfo-239-13.el8_0.7.i686.rpm systemd-pam-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-tests-239-13.el8_0.7.x86_64.rpm systemd-tests-debuginfo-239-13.el8_0.7.i686.rpm systemd-tests-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-udev-239-13.el8_0.7.x86_64.rpm systemd-udev-debuginfo-239-13.el8_0.7.i686.rpm systemd-udev-debuginfo-239-13.el8_0.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1712 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXk8DR9zjgjWX9erEAQgBCg//bdjwG4MYbuUKH41pwWeyyVXLClAEkUTT irLt1PiN07Ij5q0Gd9UTrd0SAsmUZTWpgSfPktIHldaWmTSfUPAX6v7ls2Rsivqr ut7n34YIP5DFKk6UKVl6HBGv8O+H/4Now/2NyizaNVjM0FI8vE27OlObfE7Y2UX6 BUPtRK/4rEl2pqEthSI1Kj/PRgc2B+nfvXbhK2BrRqG8WW0CUeDBC1I1GvpJbQEG D/IVBt5GKFdAN+f2MvN4aldShOej31BbUGrewISOsfd61epJl4QTGHMKqt0e58q2 axRrPcigMj5tKDa6Dr55ubs1xDQ2sAk/3wyy+RLhQEexWTZJUc19O+nvM8/stfFd 0DlYxg7j8p0BKODcab733VcveoRZj+AQp87umHjvvoTHR9eaCECCXqyHGOF9Tgfy X2PhZniainF2qMH9jlEQeF3n1EwRw0aaFhrEX49OOMufeGHHBCz3yAyAlvb73qcT gfFiZb3Y2X3FbnRZTwv8bSXy9/tp1LA9QWfrX/hNpHYnPNcsJAdrLxOAjdLXL7sd XLIPPQ3kydDRjZ1S4tUzJgRwiq4T6gR4HMF6lHF0s9HIp9l6R3PoQpfPZiK1Ffsf HSzoC6UXy+fI9OesRyKQuCOErujb9ZBpNIcZkxjXLt6vUAh75peSOd9vnzullSAl QZ/iez2MHuc=dZRW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: systemd: Heap use-after-free Date: March 15, 2020 Bugs: #708806 ID: 202003-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A heap use-after-free flaw in systemd at worst might allow an attacker to execute arbitrary code. Background ========== A system and service manager. Workaround ========== There is no known workaround at this time. Resolution ========== All systemd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/systemd-244.3" References ========== [ 1 ] CVE-2020-1712 https://nvd.nist.gov/vuln/detail/CVE-2020-1712 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-20 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development. Solution: To start using CodeReady Workspaces, download and install it using the instructions provided in the Red Hat CodeReady Workspaces Installation Guide linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1816789 - CVE-2020-10689 che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods 5. JIRA issues fixed (https://issues.jboss.org/): CRW-402 - CRW 2.1 devfiles CRW-507 - CRW 2.1 Overall Epic CRW-510 - When not using TLS, Openshift plugin does not allow login via UI (but does work via console login) CRW-533 - Factory are never redirecting to the IDE once loaded CRW-535 - update factories link in CRW dashboard to point to updated user doc CRW-537 - Patches in che-theia repo for theia are not applied in crw-theia build CRW-544 - CRW 2.1 plugins+images CRW-572 - Node 10 example results in "Error: Cannot find module 'express'" CRW-573 - CRW 2.0.x branding update CRW-574 - Cannot inject a devfile or plugin at runtime (container doesn't include yq or build scripts) CRW-784 - Tag not replaced by digest in the `latest` version of plugins in the registry 6. ========================================================================== Ubuntu Security Notice USN-4269-1 February 05, 2020 systemd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in systemd. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888) It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386) Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-1712) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: systemd 242-7ubuntu3.6 Ubuntu 18.04 LTS: systemd 237-3ubuntu10.38 Ubuntu 16.04 LTS: systemd 229-4ubuntu21.27 After a standard system update you need to reboot your computer to make all the necessary changes

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu,Red Hat,Gentoo

SOURCES

LAST UPDATE DATE

2024-08-14T12:44:11.311000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE