========================================================================= Ubuntu Security Notice USN-5928-1 March 07, 2023 systemd vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in systemd. Software Description: - systemd: system and service manager Details: It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan() function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3821) It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415) It was discovered that systemd did not properly manage a crash with long backtrace data. A local attacker could possibly use this issue to cause a deadlock, leading to a denial of service attack. This issue only affected Ubuntu 22.10. (CVE-2022-45873) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: systemd 251.4-1ubuntu7.1 Ubuntu 22.04 LTS: systemd 249.11-0ubuntu3.7 Ubuntu 20.04 LTS: systemd 245.4-4ubuntu3.20 Ubuntu 18.04 LTS: systemd 237-3ubuntu10.57 Ubuntu 16.04 ESM: systemd 229-4ubuntu21.31+esm3 Ubuntu 14.04 ESM: systemd 204-5ubuntu20.31+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5928-1 CVE-2022-3821, CVE-2022-4415, CVE-2022-45873 Package Information: https://launchpad.net/ubuntu/+source/systemd/251.4-1ubuntu7.1 https://launchpad.net/ubuntu/+source/systemd/249.11-0ubuntu3.7 https://launchpad.net/ubuntu/+source/systemd/245.4-4ubuntu3.20 https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.57