{"schema_version":"1.7.2","id":"OESA-2023-1167","modified":"2023-03-17T11:05:03Z","published":"2023-03-17T11:05:03Z","upstream":["CVE-2023-26604"],"summary":"systemd security update","details":"systemd is a system and service manager that runs as PID 1 and starts the rest of the system.\r\n\r\nSecurity Fix(es):\r\n\r\nsystemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \u0026quot;systemctl status\u0026quot; command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.(CVE-2023-26604)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"systemd","purl":"pkg:rpm/openEuler/systemd\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"243-60.oe1"}]}],"ecosystem_specific":{"aarch64":["systemd-debugsource-243-60.oe1.aarch64.rpm","systemd-devel-243-60.oe1.aarch64.rpm","systemd-libs-243-60.oe1.aarch64.rpm","systemd-udev-243-60.oe1.aarch64.rpm","systemd-journal-remote-243-60.oe1.aarch64.rpm","systemd-udev-compat-243-60.oe1.aarch64.rpm","systemd-container-243-60.oe1.aarch64.rpm","systemd-debuginfo-243-60.oe1.aarch64.rpm","systemd-243-60.oe1.aarch64.rpm"],"noarch":["systemd-help-243-60.oe1.noarch.rpm"],"src":["systemd-243-60.oe1.src.rpm"],"x86_64":["systemd-debugsource-243-60.oe1.x86_64.rpm","systemd-libs-243-60.oe1.x86_64.rpm","systemd-container-243-60.oe1.x86_64.rpm","systemd-udev-compat-243-60.oe1.x86_64.rpm","systemd-243-60.oe1.x86_64.rpm","systemd-journal-remote-243-60.oe1.x86_64.rpm","systemd-udev-243-60.oe1.x86_64.rpm","systemd-devel-243-60.oe1.x86_64.rpm","systemd-debuginfo-243-60.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1167"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26604"}],"database_specific":{"severity":"High"}}