VDB

MAGEIA-2019-330

MAGEIA-2019-330 PUBLISHED

Updated systemd packages fix security vulnerability: Nadav Markus from Palo Alto Networks discovered that systemd-resolved does not enforce appropriate access controls on its D-Bus interface and allows unprivileged users to execute methods that are meant to be available only to privileged users. This can be exploited by local users to modify the system's DNS resolver settings (CVE-2019-15718). This update also adds various upstream fixes for networkd, resolved, updates the manpages, fixing some logging messages and adds some missing checks that can potentially be used to cause crashes or malfunction. The syscall filter list has been updated to properly support newer glibc and kernel features with seccomp and nspawn.

Affected Products

VendorProductVersions
Mageiasystemd0, 241-8.4.mga7

Timeline

  • Nov 19, 2019 CVE Updated
  • Nov 19, 2019 CVE Published
  • Mar 17, 2026 Distribution Patch
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›