What is the vulnerability ID of this advisory?

The vulnerability ID of this advisory is USN-3855-1.

What software is affected by this vulnerability?

The systemd package with version 239-7ubuntu10.6 on Ubuntu 18.10, version 237-3ubuntu10.11 on Ubuntu 18.04, and version 229-4ubuntu21.15 on Ubuntu 16.04 is affected by this vulnerability.

What is the impact of this vulnerability?

This vulnerability could allow a local attacker to cause a denial of service or execute arbitrary code.

Is there a fix available for this vulnerability?

Yes, the vulnerability can be fixed by updating the systemd package to the prescribed versions: 239-7ubuntu10.6 for Ubuntu 18.10, 237-3ubuntu10.11 for Ubuntu 18.04, and 229-4ubuntu21.15 for Ubuntu 16.04.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Ubuntu website at the following links: [CVE-2018-16864](https://ubuntu.com/security/CVE-2018-16864), [CVE-2018-16865](https://ubuntu.com/security/CVE-2018-16865), [CVE-2018-16866](https://ubuntu.com/security/CVE-2018-16866).

Vulnerability/
USN-3855-1

11/1/2019

USN-3855-1: systemd vulnerabilities

First published: Fri Jan 11 2019(Updated: )

It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16864) It was discovered that systemd-journald allocated variable-length arrays of objects representing message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-16865) An out-of-bounds read was discovered in systemd-journald. A local attacker could potentially exploit this to obtain sensitive information and bypass ASLR protections. (CVE-2018-16866)

Affected Software	Affected Version	How to fix
All of
ubuntu/systemd	<239-7ubuntu10.6	239-7ubuntu10.6
	=18.10
All of
ubuntu/systemd	<237-3ubuntu10.11	237-3ubuntu10.11
	=18.04
All of
ubuntu/systemd	<229-4ubuntu21.15	229-4ubuntu21.15
	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this advisory?
The vulnerability ID of this advisory is USN-3855-1.
What software is affected by this vulnerability?
The systemd package with version 239-7ubuntu10.6 on Ubuntu 18.10, version 237-3ubuntu10.11 on Ubuntu 18.04, and version 229-4ubuntu21.15 on Ubuntu 16.04 is affected by this vulnerability.
What is the impact of this vulnerability?
This vulnerability could allow a local attacker to cause a denial of service or execute arbitrary code.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by updating the systemd package to the prescribed versions: 239-7ubuntu10.6 for Ubuntu 18.10, 237-3ubuntu10.11 for Ubuntu 18.04, and 229-4ubuntu21.15 for Ubuntu 16.04.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu website at the following links: [CVE-2018-16864](https://ubuntu.com/security/CVE-2018-16864), [CVE-2018-16865](https://ubuntu.com/security/CVE-2018-16865), [CVE-2018-16866](https://ubuntu.com/security/CVE-2018-16866).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.10
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04