Bug 1113665 - (CVE-2018-15686) VUL-0: CVE-2018-15686: systemd: Line splitting via fgets() allows for state injection during daemon-reexec
(CVE-2018-15686)
VUL-0: CVE-2018-15686: systemd: Line splitting via fgets() allows for state i...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/218053/
CVSSv3:RedHat:CVE-2018-15686:3.6:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-29 08:00 UTC by Karol Babioch
Modified: 2019-11-15 07:54 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-10-29 08:00:59 UTC
A vulnerability in unit_deserialize of systemd allows an attacker to supply
arbitrary state across systemd re-execution via NotifyAccess. This can be used
to improperly influence systemd execution and possibly lead to root privilege
escalation. Affected releases are systemd versions up to and including 239.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15686
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15686.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686
https://github.com/systemd/systemd/pull/10519
Comment 1 Karol Babioch 2018-10-29 08:30:51 UTC
More details (including reproducer) at: https://bugs.launchpad.net/ubuntu/%2Bsource/systemd/%2Bbug/1796402
Comment 2 Karol Babioch 2018-10-29 08:34:10 UTC
All codestreams affected:

SUSE:SLE-12:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-15:Update
Comment 3 Franck Bui 2018-10-30 12:10:46 UTC
(In reply to Karol Babioch from comment #2)
> All codestreams affected:
> 
> SUSE:SLE-12:Update

Do we really have to fix SLE-12 which is LTSS ?
Comment 4 Karol Babioch 2018-10-30 13:29:21 UTC
(In reply to Franck Bui from comment #3)
> (In reply to Karol Babioch from comment #2)
> > All codestreams affected:
> > 
> > SUSE:SLE-12:Update
> 
> Do we really have to fix SLE-12 which is LTSS ?

No, we don't need to fix this for LTSS codestreams right now.
Comment 7 Franck Bui 2018-10-31 14:53:43 UTC
Fix submitted to SLE12-SP3+ and SLE15+ distros hence re-assigning to the secteam.
Comment 8 Swamp Workflow Management 2018-11-07 14:16:34 UTC
SUSE-SU-2018:3644-1: An update that solves two vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901
CVE References: CVE-2018-15686,CVE-2018-15688
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    systemd-234-24.15.1, systemd-mini-234-24.15.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    systemd-234-24.15.1
Comment 9 Swamp Workflow Management 2018-11-09 23:14:45 UTC
openSUSE-SU-2018:3695-1: An update that solves two vulnerabilities and has 16 fixes is now available.

Category: security (important)
Bug References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901
CVE References: CVE-2018-15686,CVE-2018-15688
Sources used:
openSUSE Leap 15.0 (src):    systemd-234-lp150.20.9.1, systemd-mini-234-lp150.20.9.1
Comment 10 Swamp Workflow Management 2018-11-14 17:10:30 UTC
SUSE-SU-2018:3767-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665
CVE References: CVE-2018-15686,CVE-2018-15688
Sources used:
SUSE OpenStack Cloud 7 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Server 12-SP3 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    systemd-228-150.53.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    systemd-228-150.53.3
SUSE Linux Enterprise Desktop 12-SP3 (src):    systemd-228-150.53.3
SUSE Enterprise Storage 4 (src):    systemd-228-150.53.3
SUSE CaaS Platform ALL (src):    systemd-228-150.53.3
SUSE CaaS Platform 3.0 (src):    systemd-228-150.53.3
OpenStack Cloud Magnum Orchestration 7 (src):    systemd-228-150.53.3
Comment 11 Swamp Workflow Management 2018-11-16 23:18:08 UTC
openSUSE-SU-2018:3803-1: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665
CVE References: CVE-2018-15686,CVE-2018-15688
Sources used:
openSUSE Leap 42.3 (src):    systemd-228-62.1, systemd-mini-228-62.1
Comment 12 Swamp Workflow Management 2018-12-10 11:14:55 UTC
SUSE-SU-2018:3767-2: An update that solves two vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1106923,1108835,1109252,1110445,1111278,1112024,1113083,1113632,1113665
CVE References: CVE-2018-15686,CVE-2018-15688
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Server 12-SP4 (src):    systemd-228-150.53.3
SUSE Linux Enterprise Desktop 12-SP4 (src):    systemd-228-150.53.3
Comment 14 Swamp Workflow Management 2019-01-10 02:09:29 UTC
SUSE-SU-2019:0054-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1068588,1071558,1113665,1120323
CVE References: CVE-2018-15686,CVE-2018-16864,CVE-2018-16865
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    systemd-210-116.19.1
Comment 15 Swamp Workflow Management 2019-01-10 02:10:31 UTC
SUSE-SU-2019:0053-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1068588,1071558,1113665,1120323
CVE References: CVE-2018-15686,CVE-2018-16864,CVE-2018-16865
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    systemd-210-70.74.1
Comment 16 Marcus Meissner 2019-11-15 07:54:59 UTC
released