| Descripción: | Summary:
The remote host is missing an update for the 'libgudev1-219-62.el7'
package(s) announced via the CESA-2019:0049 advisory.
Vulnerability Insight:
The systemd packages contain systemd, a system and service manager for
Linux, compatible with the SysV and LSB init scripts. It provides
aggressive parallelism capabilities, uses socket and D-Bus activation for
starting services, offers on-demand starting of daemons, and keeps track of
processes using Linux cgroups. In addition, it supports snapshotting and
restoring of the system state, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option
handling (CVE-2018-15688)
* systemd: stack overflow when calling syslog from a command with long
cmdline (CVE-2018-16864)
* systemd: stack overflow when receiving many journald entries
(CVE-2018-16865)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Ubuntu Security Team for reporting
CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and
CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the
original reporter of CVE-2018-15688.
Affected Software/OS:
libgudev1-219-62.el7_ on CentOS 7.
Solution:
Please install the updated package(s).
CVSS Score:
5.8
CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
|
