Bug#929116: systemd: CVE-2018-20839
Salvatore Bonaccorso
carnil at debian.org
Fri May 17 13:11:21 BST 2019
Source: systemd
Version: 241-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/systemd/systemd/pull/12378
Hi,
The following vulnerability was published for systemd.
CVE-2018-20839[0]:
| systemd 242 changes the VT1 mode upon a logout, which allows attackers
| to read cleartext passwords in certain circumstances, such as watching
| a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because
| the KDGKBMODE (aka current keyboard mode) check is mishandled.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20839
[1] https://github.com/systemd/systemd/pull/12378
[2] https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
[3] https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore