CVE-2018-20839

Priority
Description
systemd 242 changes the VT1 mode upon a logout, which allows attackers to
read cleartext passwords in certain circumstances, such as watching a
shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the
KDGKBMODE (aka current keyboard mode) check is mishandled.
Notes
sarnold: Possible regression when running startx manually
mdeslaur: commit was reverted in (240-6ubuntu7)

possibly a bug in plymouth, not systemd
as of 2020-01-28, no proper fix for this issue yet
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): deferred (2020-01-28)
Ubuntu 16.04 LTS (Xenial Xerus): deferred (2020-01-28)
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2020-01-28)
Ubuntu 19.10 (Eoan Ermine): deferred (2020-01-28)
Ubuntu 20.04 (Focal Fossa): deferred (2020-01-28)
Patches:
Upstream: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
Upstream: https://github.com/systemd/systemd/commit/bb5ac84d79ac3aef606a4a9eeaafef94a1f199be
Upstream: https://github.com/systemd/systemd/commit/13a43c73d8cbac4b65472de04bb88ea1bacdeb89
Updated: 2020-01-29 18:54:27 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)