ELA-81-1 systemd security update

privilege escalation and denial-of-service

Related CVEs: CVE-2018-1049, CVE-2018-15686


Jann Horn of Google discovered a vulnerability in unit_deserialize of
systemd that allows a local attacker to supply arbitrary state across
systemd re-execution via NotifyAccess. This can be used to improperly
influence systemd execution and possibly lead to root privilege escalation.


A race condition exists in systemd between .mount and .automount units such
that automount requests from the kernel may not be serviced by systemd,
resulting in the kernel holding the mountpoint, and any processes that try to
use said mount will hang. A race condition like this may lead to denial of
service until the mount points are unmounted.

For Debian 7 Wheezy, these problems have been fixed in version 44-11+deb7u6.

We recommend that you upgrade your systemd packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/