SUSE-SU-2019:0135-1

Опубликовано: 21 янв. 2019

Источник: suse-cvrf

Описание

Security update for systemd

This update for systemd provides the following fixes:

Security issues fixed:

CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

core: Queue loading transient units after setting their properties. (bsc#1115518)
logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
terminal-util: introduce vt_release() and vt_restore() helpers.
terminal: Unify code for resetting kbd utf8 mode a bit.
terminal Reset should honour default_utf8 kernel setting.
logind: Make session_restore_vt() static.
udev: Downgrade message when settting inotify watch up fails. (bsc#1005023)
log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981)
udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected none state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)

Список пакетов

Container caasp/v4/default-http-backend:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/dnsmasq-nanny:2.78

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/flannel:0.9.1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/haproxy:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/kubedns:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/nginx-ingress-controller:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/openldap:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/pause:1.0.0

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/pv-recycler-node:8.25

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/salt-api:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/salt-master:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/salt-minion:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/sidecar:beta1

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container caasp/v4/velum:4.0.0

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container suse/sles12sp3:latest

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

Container suse/sles12sp4:latest

libsystemd0-228-150.58.1

libudev1-228-150.58.1

Image SLES12-SP4-Azure-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-EC2-HVM-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-GCE-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-OCI-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-Azure

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-Azure-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-EC2-HVM

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-GCE

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-GCE-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Image SLES12-SP4-SAP-OCI-BYOS

libsystemd0-228-150.58.1

libudev1-228-150.58.1

systemd-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Enterprise Storage 4

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Desktop 12 SP3

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Desktop 12 SP4

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server 12 SP2-BCL

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server 12 SP2-LTSS

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server 12 SP3

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server 12 SP4

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libudev-devel-228-150.58.1

systemd-devel-228-150.58.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libudev-devel-228-150.58.1

systemd-devel-228-150.58.1

SUSE OpenStack Cloud 7

libsystemd0-228-150.58.1

libsystemd0-32bit-228-150.58.1

libudev1-228-150.58.1

libudev1-32bit-228-150.58.1

systemd-228-150.58.1

systemd-32bit-228-150.58.1

systemd-bash-completion-228-150.58.1

systemd-sysvinit-228-150.58.1

udev-228-150.58.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190135-1/
Link for SUSE-SU-2019:0135-1
https://lists.suse.com/pipermail/sle-security-updates/2019-January/005052.html
E-Mail link for SUSE-SU-2019:0135-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1005023
SUSE Bug 1005023
https://bugzilla.suse.com/1076696
SUSE Bug 1076696
https://bugzilla.suse.com/1101591
SUSE Bug 1101591
https://bugzilla.suse.com/1114981
SUSE Bug 1114981
https://bugzilla.suse.com/1115518
SUSE Bug 1115518
https://bugzilla.suse.com/1119971
SUSE Bug 1119971
https://bugzilla.suse.com/1120323
SUSE Bug 1120323
https://www.suse.com/security/cve/CVE-2018-16864/
SUSE CVE CVE-2018-16864 page
https://www.suse.com/security/cve/CVE-2018-16865/
SUSE CVE CVE-2018-16865 page
https://www.suse.com/security/cve/CVE-2018-16866/
SUSE CVE CVE-2018-16866 page

Описание

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Затронутые продукты

Container caasp/v4/default-http-backend:beta1:libsystemd0-228-150.58.1

Container caasp/v4/default-http-backend:beta1:libudev1-228-150.58.1

Container caasp/v4/default-http-backend:beta1:systemd-228-150.58.1

Container caasp/v4/dnsmasq-nanny:2.78:libsystemd0-228-150.58.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16864.html
CVE-2018-16864
https://bugzilla.suse.com/1108912
SUSE Bug 1108912
https://bugzilla.suse.com/1120323
SUSE Bug 1120323
https://bugzilla.suse.com/1122265
SUSE Bug 1122265
https://bugzilla.suse.com/1188063
SUSE Bug 1188063

Описание

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

Затронутые продукты

Container caasp/v4/default-http-backend:beta1:libsystemd0-228-150.58.1

Container caasp/v4/default-http-backend:beta1:libudev1-228-150.58.1

Container caasp/v4/default-http-backend:beta1:systemd-228-150.58.1

Container caasp/v4/dnsmasq-nanny:2.78:libsystemd0-228-150.58.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16865.html
CVE-2018-16865
https://bugzilla.suse.com/1108912
SUSE Bug 1108912
https://bugzilla.suse.com/1120323
SUSE Bug 1120323
https://bugzilla.suse.com/1122265
SUSE Bug 1122265
https://bugzilla.suse.com/1188063
SUSE Bug 1188063

Описание

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Затронутые продукты

Container caasp/v4/default-http-backend:beta1:libsystemd0-228-150.58.1

Container caasp/v4/default-http-backend:beta1:libudev1-228-150.58.1

Container caasp/v4/default-http-backend:beta1:systemd-228-150.58.1

Container caasp/v4/dnsmasq-nanny:2.78:libsystemd0-228-150.58.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16866.html
CVE-2018-16866
https://bugzilla.suse.com/1108912
SUSE Bug 1108912
https://bugzilla.suse.com/1120323
SUSE Bug 1120323
https://bugzilla.suse.com/1122265
SUSE Bug 1122265
https://bugzilla.suse.com/1126183
SUSE Bug 1126183

SUSE-SU-2019:0135-1

Описание

Список пакетов

Container caasp/v4/default-http-backend:beta1

Container caasp/v4/dnsmasq-nanny:2.78

Container caasp/v4/flannel:0.9.1

Container caasp/v4/haproxy:beta1

Container caasp/v4/kubedns:beta1

Container caasp/v4/nginx-ingress-controller:beta1

Container caasp/v4/openldap:beta1

Container caasp/v4/pause:1.0.0

Container caasp/v4/pv-recycler-node:8.25

Container caasp/v4/salt-api:beta1

Container caasp/v4/salt-master:beta1

Container caasp/v4/salt-minion:beta1

Container caasp/v4/sidecar:beta1

Container caasp/v4/velum:4.0.0

Container suse/sles12sp3:latest

Container suse/sles12sp4:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

SUSE Enterprise Storage 4

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2018-16864

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16865

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16866

Описание

Затронутые продукты

Ссылки