Your submission was sent successfully! Close

CVE-2019-3815

Published: 28 January 2019

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

Priority

Medium

CVSS 3 base score: 3.3

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian 		bionic Not vulnerable

cosmic Not vulnerable

precise Does not exist

trusty Not vulnerable

upstream Not vulnerable

xenial Not vulnerable

Notes

AuthorNote
mdeslaur 
caused by security fix backport
Ubuntu was not affected by this issue

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading