CVE-2016-10156

Priority
Description
A flaw in systemd v228 in /src/basic/fs-util.c caused world-writable suid
files to be created when using the systemd timers feature, allowing local
attackers to escalate their privileges to root. This is fixed in v229.
Notes
tyhicks: It looks to me like systemd from the stable phone overlay has the
vulnerable code in src/shared/util.c. However, systemd is not used for pid 1
on the phone so marking that specific release as low.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (229-4ubuntu16)
Patches:
Upstream: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e
Upstream: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f

Updated: 2020-01-29 19:54:11 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)