[CLSA-2026:1777378650] Fix CVE(s): CVE-2023-26604
Type:
security
Severity:
Important
Release date:
2026-04-28 12:17:35 UTC
Description:
* SECURITY UPDATE: systemctl may pass arbitrary shell commands from a pager like more(1) that does not honor LESSSECURE, allowing privilege escalation under sudo. - debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking a pager, rename to SYSTEMD_PAGERSECURE, gate insecure pagers behind sd_pid_get_owner_uid()/euid check, skip non-"less" pagers in secure mode, and read the envvar via secure_getenv(). Squash of upstream commits 612ebf6c91, 0a42426d79, and b8f736b30e (src/shared/pager.c only; man-page hunks dropped). - CVE-2023-26604
Updated packages:
  • libnss-myhostname_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:2abb36a9a4d7c5c14f325ddec662c114c49acf99
  • libnss-mymachines_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:5537eeb6dfbbb93c1947d350f9a3347df60bcefe
  • libnss-resolve_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:963a31bc044ea38e41096e879d088d68d6ebd436
  • libnss-systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:1429d0950ea92be594c36eba72292c89096a49c4
  • libpam-systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:50afd490620b7d3dd98f34a42b7f500f1cb58f2f
  • libsystemd-dev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:eb94c63476b2765bd6770fef51efc6f0e015c53d
  • libsystemd0_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:fc626371755493eb4bc7c43ae3ffe8e636e009ce
  • libudev-dev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:c356396714d07bdd87ec95bc8556366d9825df35
  • libudev1_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:40f448f728f117355513e8beaf654d7d9a0b1471
  • systemd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:304d24b89cbe091a521e79daa5bbf71b86abc5ac
  • systemd-container_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:1e4af9ff4812032ea1a7fefd683c32c31ed0e854
  • systemd-coredump_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:e4d2e223ef71b63a1cae0d55d7927a0486692ca0
  • systemd-journal-remote_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:5666ac56a5ddaba4920159e59e605b14e7a67893
  • systemd-sysv_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:6117ab8a6acb40dc416778fed6fc7d7535b2c402
  • systemd-tests_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:873b87d674e9361f69a41ad4c55b02b44164654b
  • systemd-timesyncd_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:cb30e8bf14cd6827c59d25af7bb20e8df412fe4f
  • udev_245.4-4ubuntu3.24+tuxcare.els2_amd64.deb
    sha:1f1bdc4bd540fdbc5be0bd5202cfc751668daf38
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.