Описание
Security update for systemd
This update for SystemD provides fixes and enhancements.
The following security issue has been fixed:
- Don't allow read access to journal files to users. (bsc#972612, CVE-2014-9770, CVE-2015-8842)
The following non-security issues have been fixed:
- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking. (bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on files/directories.
- No need to pass --all if inactive is explicitly requested in list-units. (bsc#967122)
- Fix automount option and don't start associated mount unit at boot. (bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert 'log: honour the kernel's quiet cmdline argument'. (bsc#963230)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libgudev-1_0-0-210-104.1
libgudev-1_0-0-32bit-210-104.1
libudev1-210-104.1
libudev1-32bit-210-104.1
systemd-210-104.1
systemd-32bit-210-104.1
systemd-bash-completion-210-104.1
systemd-sysvinit-210-104.1
udev-210-104.1
SUSE Linux Enterprise Server 12 SP1
libgudev-1_0-0-210-104.1
libgudev-1_0-0-32bit-210-104.1
libudev1-210-104.1
libudev1-32bit-210-104.1
systemd-210-104.1
systemd-32bit-210-104.1
systemd-bash-completion-210-104.1
systemd-sysvinit-210-104.1
udev-210-104.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgudev-1_0-0-210-104.1
libgudev-1_0-0-32bit-210-104.1
libudev1-210-104.1
libudev1-32bit-210-104.1
systemd-210-104.1
systemd-32bit-210-104.1
systemd-bash-completion-210-104.1
systemd-sysvinit-210-104.1
udev-210-104.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libgudev-1_0-devel-210-104.1
libudev-devel-210-104.1
systemd-devel-210-104.1
typelib-1_0-GUdev-1_0-210-104.1
Ссылки
- Link for SUSE-SU-2016:1346-1
- E-Mail link for SUSE-SU-2016:1346-1
- SUSE Security Ratings
- SUSE Bug 959886
- SUSE Bug 960158
- SUSE Bug 963230
- SUSE Bug 965897
- SUSE Bug 967122
- SUSE Bug 970423
- SUSE Bug 970860
- SUSE Bug 972612
- SUSE Bug 972727
- SUSE Bug 973848
- SUSE Bug 976766
- SUSE Bug 978275
- SUSE CVE CVE-2014-9770 page
- SUSE CVE CVE-2015-8842 page
Описание
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libgudev-1_0-0-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libgudev-1_0-0-32bit-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libudev1-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libudev1-32bit-210-104.1
Ссылки
- CVE-2014-9770
- SUSE Bug 972612
Описание
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libgudev-1_0-0-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libgudev-1_0-0-32bit-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libudev1-210-104.1
SUSE Linux Enterprise Desktop 12 SP1:libudev1-32bit-210-104.1
Ссылки
- CVE-2015-8842
- SUSE Bug 972612