Описание
Security update for systemd, dracut
This update for systemd and dracut fixes the following issues:
Security issues fixed:
- CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. (bsc#1045290)
Non-security issues fixed in systemd:
- Automounter issue in combination with NFS volumes (bsc#1040968)
- Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
- Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750)
Non-security issues fixed in dracut:
- Bail out if module directory does not exist. (bsc#1043900)
- Suppress bogus error message. (bsc#1032029)
- Fix module force loading with systemd. (bsc#986216)
- Ship udev files required by systemd. (bsc#1040153)
- Ignore module resolution errors (e.g. with kgraft). (bsc#1037120)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
dracut-044.1-109.8.3
libsystemd0-228-150.7.1
libsystemd0-32bit-228-150.7.1
libudev1-228-150.7.1
libudev1-32bit-228-150.7.1
systemd-228-150.7.1
systemd-32bit-228-150.7.1
systemd-bash-completion-228-150.7.1
systemd-sysvinit-228-150.7.1
udev-228-150.7.1
SUSE Linux Enterprise Server 12 SP2
dracut-044.1-109.8.3
dracut-fips-044.1-109.8.3
libsystemd0-228-150.7.1
libsystemd0-32bit-228-150.7.1
libudev1-228-150.7.1
libudev1-32bit-228-150.7.1
systemd-228-150.7.1
systemd-32bit-228-150.7.1
systemd-bash-completion-228-150.7.1
systemd-sysvinit-228-150.7.1
udev-228-150.7.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
dracut-044.1-109.8.3
dracut-fips-044.1-109.8.3
libsystemd0-228-150.7.1
libudev1-228-150.7.1
systemd-228-150.7.1
systemd-bash-completion-228-150.7.1
systemd-sysvinit-228-150.7.1
udev-228-150.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dracut-044.1-109.8.3
dracut-fips-044.1-109.8.3
libsystemd0-228-150.7.1
libsystemd0-32bit-228-150.7.1
libudev1-228-150.7.1
libudev1-32bit-228-150.7.1
systemd-228-150.7.1
systemd-32bit-228-150.7.1
systemd-bash-completion-228-150.7.1
systemd-sysvinit-228-150.7.1
udev-228-150.7.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libudev-devel-228-150.7.1
systemd-devel-228-150.7.1
Ссылки
- Link for SUSE-SU-2017:1898-1
- E-Mail link for SUSE-SU-2017:1898-1
- SUSE Security Ratings
- SUSE Bug 1032029
- SUSE Bug 1033238
- SUSE Bug 1037120
- SUSE Bug 1040153
- SUSE Bug 1040968
- SUSE Bug 1043900
- SUSE Bug 1045290
- SUSE Bug 1046750
- SUSE Bug 986216
- SUSE CVE CVE-2017-9445 page
Описание
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:dracut-044.1-109.8.3
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-228-150.7.1
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-32bit-228-150.7.1
SUSE Linux Enterprise Desktop 12 SP2:libudev1-228-150.7.1
Ссылки
- CVE-2017-9445
- SUSE Bug 1045290
- SUSE Bug 1063249