OSG-SEC-2022-08-26 HIGH Linux systemd use-after-free vulnerability
Dear OSG Security Contacts,
Vulnerabilities have been found concerning a user-after-free vulnerability in systemd when dealing with DNSStream which may allow an unprivileged user on a local or adjacent network to gain access to the affected system .
Most major Linux distributions.
WHAT ARE THE VULNERABILITIES:
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. 
WHAT YOU SHOULD DO:
Update affected systems as patches are made available and restart them.
Sites running RHEL should see 
Sites running CentOS should also see 
Sites running Ubuntu should see 
Sites running Scientific Linux should see 
Sites running Debian should see 
Sites running RockyLinux should see 
Sites running Almalinux should see 
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team