Bug 10300

Summary: systemd security vulnerability (CVE-2019-15718)
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED INVALID QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: alzim, andrey.bondrov, denis.silakov, m.novosyolov, mc2374
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://advisories.mageia.org/MGASA-2019-0330.html
Whiteboard:
Platform: --- ROSA Vulnerability identifier: CVE-2019-15718
RPM Package: systemd ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2019-11-20 14:29:39 MSK 
Nadav Markus from Palo Alto Networks discovered that systemd-resolved
does not enforce appropriate access controls on its D-Bus interface and
allows unprivileged users to execute methods that are meant to be
available only to privileged users. This can be exploited by local users
to modify the system's DNS resolver settings (CVE-2019-15718).

This update also adds various upstream fixes for networkd, resolved,
updates the manpages, fixing some logging messages and adds some missing
checks that can potentially be used to cause crashes or malfunction.

The syscall filter list has been updated to properly support newer glibc
and kernel features with seccomp and nspawn.
Comment 1 Mikhail Novosyolov 2019-11-22 03:11:35 MSK 
It is already fixed in systemd-243 which is already in repos.