Tuesday, January 15, 2019

Systemd journald security vulnerabilities

Three security vulnerabilities have been found in the systemd package, a system and service manager used in most major Linux distributions.

These new vulnerabilities can lead to memory corruption attacks (CVE-2018-16864 and CVE-2018-16865) and an out of bounds error that can leak data (CVE-2018-16866). You can learn more about these vulnerabilities in the official announcement.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is currently working on packaging the updated solutions, and will make these new versions available through our catalog and our cloud partner marketplaces .

The different Linux distributions published the patched version of the systemd package, so you can update them easily by using your system’s package manager. The patched versions are the following:

  • Ubuntu 16: 229-4ubuntu21.15
  • Debian 9: 232-25+deb9u7
  • Oracle Linux 7: 219-62.0.4.el7_6.2
  • RedHat 7: 219-62.el7_6.2
  • CentOS 7: 219-62.el7_6.2

If you have further questions about this security issue, please post to our community forum and we will be happy to help you.