-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4428-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 08, 2019                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : systemd
CVE ID         : CVE-2019-3842

Jann Horn discovered that the PAM module in systemd insecurely uses the
environment and lacks seat verification permitting spoofing an active
session to PolicyKit. A remote attacker with SSH access can take
advantage of this issue to gain PolicyKit privileges that are normally
only granted to clients in an active session on the local console.

For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u11.

This update includes updates previously scheduled to be released in the
stretch 9.9 point release.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyrsfpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S19A//eYZPzdFbJILUh0RBa2uZAxRHrOBIb/UsDKVPu4wZrMJdPGHSZoL+R2RQ
Tm1xLhFU+dgMLjfx1n70NIvg5hjPRrhD+6A8QVeU5IcsrMm7cSEFAgj3H5Cok+SN
OndAGXQ/EoRrSTDUjnNA7x4H3oxlsnH8nnY4vMqLezlPimMve+hsUSmB/ggDfB9M
FoZX35xUsSb/VvxdLqdVM7SFpti63XzAyYOueshaseGNR76rXkaPbXBSpzmcOhaz
9f08i1XG0IeojM0iHzBvOR8skicAPIwFXVLTCt1QE3nqzYeRhZAcq5yifAVm0A6G
qzVihq36Sw1roz5uI95x/jBd+odLbSZBG3a7py7jMDsWi8lRkD3kftQVsF9OmUgE
FaJtVKCydcWDRA9zWDLMG/6XqRIpDviK8DY/9dq6VkG6VHswobMs87LsrKrdb1tC
SqIV2n0mvsUs+BeMI1DDZbJuoXKjHi+3hS+wLFrZ/TM+riAuUq4KbfbSR9JLQdVS
D9Vq4J+hECgquS7c/YjmwNm2IdK4R8oSYs410AOmaWB/1xPzn5u5j4HMe3D6DJ6h
8H20PL1O6npyJOWGNimfZDGoxTR87Qfv72v5s59FtJzSVxGLaynsgIv0+ZO0SGH7
80/FYzsd0O4AtrZhjF0jxhwcCmCDMfNO1rEm/whQkmPhdLNxgTM=flwI
-----END PGP SIGNATURE-----