| Revision Date: | 2019-01-28 | Version: | 1 | | Title: | CVE-2019-3815 on Ubuntu 18.10 (cosmic) - medium. | | Description: | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-3815
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
NOT libnss-myhostname package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libnss-mymachines package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libnss-resolve package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libnss-systemd package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libpam-systemd package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libsystemd0 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libudev1 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd-container package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd-coredump package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd-journal-remote package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd-sysv package in cosmic, while related to the CVE in some way, is not affected.
OR NOT systemd-tests package in cosmic, while related to the CVE in some way, is not affected.
OR NOT udev package in cosmic, while related to the CVE in some way, is not affected.
|
|