ELA-81-1 systemd security update

privilege escalation and denial-of-service

Packagesystemd
Version44-11+deb7u6
Related CVE CVE-2018-1049 CVE-2018-15686

CVE-2018-15686

Jann Horn of Google discovered a vulnerability in unit_deserialize of
systemd that allows a local attacker to supply arbitrary state across
systemd re-execution via NotifyAccess. This can be used to improperly
influence systemd execution and possibly lead to root privilege escalation.

CVE-2018-1049

In systemd exists a race condition between .mount and .automount units such
that automount requests from kernel may not be serviced by systemd
resulting in kernel holding the mountpoint and any processes that try to
use said mount will hang. A race condition like this may lead to denial of
service, until mount points are unmounted.

For Debian 7 Wheezy, these problems have been fixed in version 44-11+deb7u6.

We recommend that you upgrade your systemd packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/