Vulmon
Amazon Linux 2 Security Advisory: ALAS-2022-1854
Advisory Release Date: 2022-09-30 07:04 Pacific
Advisory Updated Date: 2022-10-10 21:54 Pacific
It was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". (CVE-2019-3842)
An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network settings. (CVE-2020-13529)
A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. In some particular configurations, this flaw allows local attackers to elevate their privileges. (CVE-2020-13776)
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in resolved-dns-stream.c not incrementing the reference counting for the
DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. (CVE-2022-2526)
Affected Packages:
systemd
Issue Correction:
Run yum update systemd to update your system.
aarch64:
systemd-219-78.amzn2.0.20.aarch64
systemd-libs-219-78.amzn2.0.20.aarch64
systemd-devel-219-78.amzn2.0.20.aarch64
systemd-sysv-219-78.amzn2.0.20.aarch64
systemd-python-219-78.amzn2.0.20.aarch64
libgudev1-219-78.amzn2.0.20.aarch64
libgudev1-devel-219-78.amzn2.0.20.aarch64
systemd-journal-gateway-219-78.amzn2.0.20.aarch64
systemd-networkd-219-78.amzn2.0.20.aarch64
systemd-resolved-219-78.amzn2.0.20.aarch64
systemd-debuginfo-219-78.amzn2.0.20.aarch64
i686:
systemd-219-78.amzn2.0.20.i686
systemd-libs-219-78.amzn2.0.20.i686
systemd-devel-219-78.amzn2.0.20.i686
systemd-sysv-219-78.amzn2.0.20.i686
systemd-python-219-78.amzn2.0.20.i686
libgudev1-219-78.amzn2.0.20.i686
libgudev1-devel-219-78.amzn2.0.20.i686
systemd-journal-gateway-219-78.amzn2.0.20.i686
systemd-networkd-219-78.amzn2.0.20.i686
systemd-resolved-219-78.amzn2.0.20.i686
systemd-debuginfo-219-78.amzn2.0.20.i686
src:
systemd-219-78.amzn2.0.20.src
x86_64:
systemd-219-78.amzn2.0.20.x86_64
systemd-libs-219-78.amzn2.0.20.x86_64
systemd-devel-219-78.amzn2.0.20.x86_64
systemd-sysv-219-78.amzn2.0.20.x86_64
systemd-python-219-78.amzn2.0.20.x86_64
libgudev1-219-78.amzn2.0.20.x86_64
libgudev1-devel-219-78.amzn2.0.20.x86_64
systemd-journal-gateway-219-78.amzn2.0.20.x86_64
systemd-networkd-219-78.amzn2.0.20.x86_64
systemd-resolved-219-78.amzn2.0.20.x86_64
systemd-debuginfo-219-78.amzn2.0.20.x86_64