CVE-2017-1000082

Priority
Description
systemd v233 and earlier fails to safely parse usernames starting with a
numeric digit (e.g. "0day"), running the service in question with root
privileges rather than the user intended.
Notes
mdeslaurthe upstream patch changes behaviour to cause a unit to fail to
load if a configuration item could not be parsed, instead of
skipping it. Fixing this may cause regressions in certain
environments. We will not be fixing this issue in xenial.
Administrators are encouraged to carefully audit their unit
files and make sure the options are being parsed correctly.
Package
Upstream:released (234-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (235-3ubuntu3)
Patches:
Upstream:https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
More Information

Updated: 2019-12-05 18:47:12 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)