An update for systemd is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1910 Final 1.0 1.0 2026-04-17 Initial 2026-04-17 2026-04-17 openEuler SA Tool V1.0 2026-04-17 systemd security update An update for systemd is now available for openEuler-24.03-LTS-SP2 systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fix(es): systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.(CVE-2026-29111) A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.(CVE-2026-4105) An update for systemd is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium systemd https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1910 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-29111 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4105 https://nvd.nist.gov/vuln/detail/CVE-2026-29111 https://nvd.nist.gov/vuln/detail/CVE-2026-4105 openEuler-24.03-LTS-SP2 systemd-255-57.oe2403sp2.aarch64.rpm systemd-container-255-57.oe2403sp2.aarch64.rpm systemd-cryptsetup-255-57.oe2403sp2.aarch64.rpm systemd-debuginfo-255-57.oe2403sp2.aarch64.rpm systemd-debugsource-255-57.oe2403sp2.aarch64.rpm systemd-devel-255-57.oe2403sp2.aarch64.rpm systemd-libs-255-57.oe2403sp2.aarch64.rpm systemd-networkd-255-57.oe2403sp2.aarch64.rpm systemd-nspawn-255-57.oe2403sp2.aarch64.rpm systemd-pam-255-57.oe2403sp2.aarch64.rpm systemd-resolved-255-57.oe2403sp2.aarch64.rpm systemd-timesyncd-255-57.oe2403sp2.aarch64.rpm systemd-udev-255-57.oe2403sp2.aarch64.rpm systemd-255-57.oe2403sp2.src.rpm systemd-255-57.oe2403sp2.x86_64.rpm systemd-container-255-57.oe2403sp2.x86_64.rpm systemd-cryptsetup-255-57.oe2403sp2.x86_64.rpm systemd-debuginfo-255-57.oe2403sp2.x86_64.rpm systemd-debugsource-255-57.oe2403sp2.x86_64.rpm systemd-devel-255-57.oe2403sp2.x86_64.rpm systemd-libs-255-57.oe2403sp2.x86_64.rpm systemd-networkd-255-57.oe2403sp2.x86_64.rpm systemd-nspawn-255-57.oe2403sp2.x86_64.rpm systemd-pam-255-57.oe2403sp2.x86_64.rpm systemd-resolved-255-57.oe2403sp2.x86_64.rpm systemd-timesyncd-255-57.oe2403sp2.x86_64.rpm systemd-udev-255-57.oe2403sp2.x86_64.rpm systemd-help-255-57.oe2403sp2.noarch.rpm systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available. 2026-04-17 CVE-2026-29111 openEuler-24.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H systemd security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1910 A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system. 2026-04-17 CVE-2026-4105 openEuler-24.03-LTS-SP2 Medium 6.7 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H systemd security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1910