Description
Security update for systemd
This update for systemd fixes several issues.
This security issue was fixed:
- CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308).
These non-security issues were fixed:
- core: don't choke if a unit another unit triggers vanishes during reload
- delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX
- delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428)
- delta: check if a prefix needs to be skipped only once
- delta: skip symlink paths when split-usr is enabled (#4591)
- sysctl: use raw file descriptor in sysctl_write (#7753)
- sd-netlink: don't take possession of netlink fd from caller on failure (bsc#1074254)
- Fix the regexp used to detect broken by-id symlinks in /etc/crypttab. It was missing the following case: '/dev/disk/by-id/cr_-xxx'.
- sysctl: disable buffer while writing to /proc (bsc#1071558)
- Use read_line() and LONG_LINE_MAX to read values from configuration files. (bsc#1071558)
- sysctl: no need to check for eof twice
- def: add new constant LONG_LINE_MAX
- fileio: add new helper call read_line() as bounded getline() replacement
- service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156)
- gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)
- gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422)
- fstab-util: introduce fstab_has_fstype() helper
- fstab-generator: ignore root=/dev/nfs (#3591)
- fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452)
- virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510)
- analyze: replace --no-man with --man=no in the man page (bsc#1068251)
- udev: net_setup_link: don't error out when we couldn't apply link config (#7328)
- Add missing /etc/systemd/network directory
- Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)
- sd-bus: use -- when passing arguments to ssh (#6706)
- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550)
- sd-bus: bump message queue size (bsc#1075724)
- tmpfiles: downgrade warning about duplicate line
Package list
SUSE Linux Enterprise Desktop 12 SP2
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP3
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Server 12 SP2
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Server 12 SP3
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libsystemd0-228-150.29.1
libudev1-228-150.29.1
systemd-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-bash-completion-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libudev-devel-228-150.29.1
systemd-devel-228-150.29.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libudev-devel-228-150.29.1
systemd-devel-228-150.29.1
References
- Link for SUSE-SU-2018:0299-1
- E-Mail link for SUSE-SU-2018:0299-1
- SUSE Security Ratings
- SUSE Bug 1048510
- SUSE Bug 1065276
- SUSE Bug 1066156
- SUSE Bug 1068251
- SUSE Bug 1070428
- SUSE Bug 1071558
- SUSE Bug 1074254
- SUSE Bug 1075724
- SUSE Bug 1076308
- SUSE Bug 897422
- SUSE CVE CVE-2017-15908 page
- SUSE CVE CVE-2018-1049 page
Description
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-32bit-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libudev1-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libudev1-32bit-228-150.29.1
References
- CVE-2017-15908
- SUSE Bug 1065276
Description
In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint, and any processes that try to use said mount will hang. A race condition like this may lead to denial of service until mount points are unmounted.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-32bit-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libudev1-228-150.29.1
SUSE Linux Enterprise Desktop 12 SP2:libudev1-32bit-228-150.29.1
References
- CVE-2018-1049
- SUSE Bug 1076308
- SUSE Bug 1140475