Launchpad CVE tracker

CVE 2018-15686

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Related bugs and status

CVE-2018-15686 (Candidate) is related to these bugs:

Bug #1796402: systemd: reexec state injection: fgets() on overlong lines leads to line splitting

Summary				In	Importance	Status
	1796402	systemd: reexec state injection: fgets() on overlong lines leads to line splitting		systemd (Ubuntu)	Medium	Fix Released

Bug #1849200: CVE-2018-15686: systemd: state injection during daemon-reexec

Summary				In	Importance	Status
	1849200	CVE-2018-15686: systemd: state injection during daemon-reexec		StarlingX	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/sys...
BID: 105747
EXPLOIT-DB: 45714
GENTOO: GLSA-201810-10
UBUNTU: USN-3816-1
MLIST: [debian-lts-announce] ...
REDHAT: RHSA-2019:2091
REDHAT: RHSA-2019:3222
REDHAT: RHSA-2020:0593
MLIST: [bookkeeper-issues] 20...
MISC: https://www.oracle.com...

Launchpad.net

CVE 2018-15686

Related bugs and status

Related bugs

References