CVE-2018-20839

Priority
Description
systemd 242 changes the VT1 mode upon a logout, which allows attackers to
read cleartext passwords in certain circumstances, such as watching a
shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the
KDGKBMODE (aka current keyboard mode) check is mishandled.
Notes
sarnold: Possible regression when running startx manually
mdeslaur: commit was reverted in (240-6ubuntu7)

possibly a bug in plymouth, not systemd
as of 2020-01-06, no proper fix for this issue yet
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): deferred (2020-01-06)
Ubuntu 16.04 LTS (Xenial Xerus): deferred (2020-01-06)
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo): ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine): deferred (2020-01-06)
Ubuntu 20.04 (Focal Fossa): deferred (2020-01-06)
Patches:
Upstream: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
Upstream: https://github.com/systemd/systemd/commit/bb5ac84d79ac3aef606a4a9eeaafef94a1f199be
Upstream: https://github.com/systemd/systemd/commit/13a43c73d8cbac4b65472de04bb88ea1bacdeb89
More Information

Updated: 2020-01-23 20:39:51 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)