Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. Various other issues were also addressed.
cb9b05c78f4e62578d79c6d74bb3b6230e89ffde7e11bd266932cddb628c5b23
Ubuntu Security Notice 3816-2 - USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
eb71de28a7d0a6a7812f411191e7266a1699b349c54bd396dd6e5120e7f392c4
Ubuntu Security Notice 3816-1 - Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
abc96db7edf9cdd68a2e5665d1928fcdcdbbb4e4a2f6079a5b3fe6b7f2ebcaf4
Gentoo Linux Security Advisory 201810-10 - Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code. Versions less than 239-r2 are affected.
4e10f54a2a7d8d156388008d057f53546272531513abcf3297727fb227b280e3
Linux suffers from an issue with systemd where chown_one() can dereference symlinks.
d697c36e79f99a67f9cd338b7bd29e048c68c6bb76813a6a4825722f969d23a4