| Revision Date: | 2019-01-28 | Version: | 1 | | Title: | CVE-2019-3815 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-3815
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libnss-myhostname package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss-mymachines package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss-resolve package in xenial, while related to the CVE in some way, is not affected.
OR NOT libpam-systemd package in xenial, while related to the CVE in some way, is not affected.
OR NOT libsystemd0 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libudev1 package in xenial, while related to the CVE in some way, is not affected.
OR NOT systemd package in xenial, while related to the CVE in some way, is not affected.
OR NOT systemd-container package in xenial, while related to the CVE in some way, is not affected.
OR NOT systemd-coredump package in xenial, while related to the CVE in some way, is not affected.
OR NOT systemd-journal-remote package in xenial, while related to the CVE in some way, is not affected.
OR NOT systemd-sysv package in xenial, while related to the CVE in some way, is not affected.
OR NOT udev package in xenial, while related to the CVE in some way, is not affected.
|
|