Oracle Linux: CVE-2018-16864: ELSA-2019-0049: systemd security update (IMPORTANT) (Multiple Advisories)
Description
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.
Solution(s)
- oracle-linux-upgrade-libgudev1
- oracle-linux-upgrade-libgudev1-devel
- oracle-linux-upgrade-postgresql-server
- oracle-linux-upgrade-systemd
- oracle-linux-upgrade-systemd-devel
- oracle-linux-upgrade-systemd-journal-gateway
- oracle-linux-upgrade-systemd-libs
- oracle-linux-upgrade-systemd-networkd
- oracle-linux-upgrade-systemd-python
- oracle-linux-upgrade-systemd-resolved
- oracle-linux-upgrade-systemd-sysv
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center