Headline
RHSA-2022:6163: Red Hat Security Advisory: systemd security update
An update for systemd is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-08-24
Updated:
2022-08-24
RHSA-2022:6163 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: systemd security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for systemd is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
- systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2109926 - CVE-2022-2526 systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
systemd-239-18.el8_1.11.src.rpm
SHA-256: 92bed237ad89424c1bdb8ef5e813bedc4167930f5b52c02b2446ea4bc5656337
ppc64le
systemd-239-18.el8_1.11.ppc64le.rpm
SHA-256: 3584587df0a5ef93eb04ce109c23f900a994c4e4968d4a0caf4a162644e7855d
systemd-container-239-18.el8_1.11.ppc64le.rpm
SHA-256: 1c78597dd218f1552d1876d4e7b6ed9b295f063a431b84efd1053985c64b2b01
systemd-container-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: 1b4a4e78a9f080c6879021b0e4ecf25a01b62cfa1db1ac30d708604189bdf876
systemd-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: eab8e5b08d7731c07450a73a536615561f02bcd8ba69f23342239aa39164978b
systemd-debugsource-239-18.el8_1.11.ppc64le.rpm
SHA-256: 50ba277c894888058c44a3189061177fbaaf5ab484a6e82d1812a46f306969e7
systemd-devel-239-18.el8_1.11.ppc64le.rpm
SHA-256: 0246e60e011f744ace42c838c7601023bdcc4859c2c27659340254257fd32ba7
systemd-journal-remote-239-18.el8_1.11.ppc64le.rpm
SHA-256: 4b285b02d291e7c96fdb409166d1b9221415d2823a093bd89eb0e268da992ded
systemd-journal-remote-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: d30f0888501f2a64fd1c9fdd3204efaad0b17a59458e10914e27760571ccbd51
systemd-libs-239-18.el8_1.11.ppc64le.rpm
SHA-256: 238ee33b7f0ac073fdea4ae6c7283c7740b95722a02574d341eb7d4b00df56ac
systemd-libs-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: 0481981a4cb81a529d86dc194e10b4a2dc6c3223c283d2f531ddd62d01d3128b
systemd-pam-239-18.el8_1.11.ppc64le.rpm
SHA-256: 032179041086c3a93b9564d7928c369e621ebaa796f04da2d55deb1f1b5a0537
systemd-pam-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: 548a698f50407618ddb0b31098c79c7ef64177572930f5a00e98754420950b33
systemd-tests-239-18.el8_1.11.ppc64le.rpm
SHA-256: 03ad413ccc3955e6f8b2bd38077a96c0b0aabcdae97f5caae23e28490642b497
systemd-tests-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: e738081adb267eba18a6980acedb83d34fd2197a82baa551a517ec49243f7ebe
systemd-udev-239-18.el8_1.11.ppc64le.rpm
SHA-256: 1012ccb55881dc29767d65421462c8b3cbaab2322d65c3ea5abfc6a691937bf4
systemd-udev-debuginfo-239-18.el8_1.11.ppc64le.rpm
SHA-256: 19e394f6a4549689e5257985eeb8971b07bab7769d26bd9f26de823ca5483fb8
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
systemd-239-18.el8_1.11.src.rpm
SHA-256: 92bed237ad89424c1bdb8ef5e813bedc4167930f5b52c02b2446ea4bc5656337
x86_64
systemd-239-18.el8_1.11.i686.rpm
SHA-256: 490ba7ba25827594be1e90c1b7492f595cbd338d4f803820c6ed185f3e83c7ee
systemd-239-18.el8_1.11.x86_64.rpm
SHA-256: 7da31ea9cd682f565f5c1ce05e167a83d3c02c8032bf88f4b988962d4d968685
systemd-container-239-18.el8_1.11.i686.rpm
SHA-256: eba2c0576f9131de65eadb961ff08ceb775b78a17e112dc5d9d723232154ae78
systemd-container-239-18.el8_1.11.x86_64.rpm
SHA-256: f0e22df3849039e8d5143616794535c1bd3a0fe478c8275e3f91f0bc81d387ec
systemd-container-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: 0e56d90fca9d90c73f3d039fe4adc9d6609d92d595a62d2267e9cfaa38e29b38
systemd-container-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: 98d9d055baea8eee1dc31ec90169fa8dd61477ddf2738093ab364a2b0b1b522f
systemd-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: 115191e79a7f04bde5b29861375c5e9c8803735cc6d438a2f99f9f2c8e4c496e
systemd-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: b466404f29082ba4b7af2ed0adacdf84ae4d5ff7515c996da9c980faf337d687
systemd-debugsource-239-18.el8_1.11.i686.rpm
SHA-256: 7923b7c8938e540ec3863510fa8efb04d637f15b216065d08d880b996bef6c06
systemd-debugsource-239-18.el8_1.11.x86_64.rpm
SHA-256: 619bc1e49dcb8413f0958da6fb280e952e6ee9cbac9cdf58c6b2280b2eab332d
systemd-devel-239-18.el8_1.11.i686.rpm
SHA-256: 82957bc3fc8fff0c0328384b1fae9c851224c770da4ee2b32f9717e2a7685186
systemd-devel-239-18.el8_1.11.x86_64.rpm
SHA-256: 812c285c4844fc381f3dd97583abf5b8cdad2905c0640342f311b2048343fbe3
systemd-journal-remote-239-18.el8_1.11.x86_64.rpm
SHA-256: 00ac6612f2b9adb650a445ac3b38243b46d82dc82da2e9dd6f6b798219ed81a1
systemd-journal-remote-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: cf41b5b1f6981373a075457470c315a82bc373e1c8749633bd6fee9ac3e244a0
systemd-journal-remote-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: 916f001ee93b0c5af7a84670c23d67a682b135119bd3d5dc47bd6594e534d099
systemd-libs-239-18.el8_1.11.i686.rpm
SHA-256: b3dc10734b1cf5e78f30c450fb8ce7f2420f85ed63a6d7ba406918e9e2622eba
systemd-libs-239-18.el8_1.11.x86_64.rpm
SHA-256: 8faf234572ad647431c04504a6112cbab2d3d9027b892f177e5a6a2ed7184473
systemd-libs-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: 8cf05b61229eeb2e7c21c51cc283c03ed4ca31803562f354c0f1a436ce12a8ae
systemd-libs-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: bbad504d3e04070d80d44da79d6954d5983a45d598a049943b7177f52d4a6868
systemd-pam-239-18.el8_1.11.x86_64.rpm
SHA-256: f9f8d7bcd8b77657447ffd0c7e55a126ffe3132979d436f311596319026354e7
systemd-pam-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: e034b3c524b212d896b161f5be1b85a6c03d25a18b7b5b97fa5b93a8c8669acd
systemd-pam-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: c639b638d0826d9612aafa3424e76bcd19e1efd1e9af4abbb81d4b9f8b500244
systemd-tests-239-18.el8_1.11.x86_64.rpm
SHA-256: 6ee0409fd505a93573be9dc18f58559be8e53276acc0c9dda5951607c04d17fc
systemd-tests-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: a302ca59c5daa48671e193fa904082e19575c1429190e6f2eacaf505c0c6310c
systemd-tests-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: 3c0c12e8026ae22453785c6c65f39aaa7ca210efb4fafe1c928f146064e86389
systemd-udev-239-18.el8_1.11.x86_64.rpm
SHA-256: ef4c4186093b28294222c5302cfec396850744251e260dba556066e3643cff6f
systemd-udev-debuginfo-239-18.el8_1.11.i686.rpm
SHA-256: a1f0ce8840a7b56b89432eecae134aa672fdf0f91582921c3beba52bf0472b0b
systemd-udev-debuginfo-239-18.el8_1.11.x86_64.rpm
SHA-256: adffedd2ed54c50a4ed76a01496e59a062d550eb2ac20c41eefed5f1f430ac0e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...
Red Hat Security Advisory 2022-6681-01 - Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important.
An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs * CVE-2022-...
Red Hat Security Advisory 2022-6507-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.
Red Hat OpenShift Container Platform release 4.7.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...
Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-6263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include denial of service and out of bounds read vulnerabilities.
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issue addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6183-01 - Logging Subsystem 5.4.5 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6345-01 - Multicluster engine for Kubernetes 2.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issue addressed include a stack exhaustion vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_a...
Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Red Hat Security Advisory 2022-6206-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5583-1 - It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
Red Hat Security Advisory 2022-6163-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6160-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-6161-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
An update for systemd is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
An update for systemd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2526: systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c