Описание
Security update for systemd
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).
Non-security issues fixed:
- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
Container suse/sles12sp3:latest
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
Container suse/sles12sp4:latest
libsystemd0-228-150.66.4
libudev1-228-150.66.4
Image SLES12-SP4-Azure-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-EC2-HVM-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-GCE-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-OCI-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-Azure
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-Azure-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-EC2-HVM
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-GCE
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-GCE-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Image SLES12-SP4-SAP-OCI-BYOS
libsystemd0-228-150.66.4
libudev1-228-150.66.4
systemd-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Enterprise Storage 4
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev-devel-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Desktop 12 SP3
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Desktop 12 SP4
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server 12 SP2-BCL
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server 12 SP2-LTSS
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev-devel-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server 12 SP3
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server 12 SP4
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev-devel-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
SUSE Linux Enterprise Software Development Kit 12 SP3
libudev-devel-228-150.66.4
systemd-devel-228-150.66.4
SUSE Linux Enterprise Software Development Kit 12 SP4
libudev-devel-228-150.66.4
systemd-devel-228-150.66.4
SUSE OpenStack Cloud 7
libsystemd0-228-150.66.4
libsystemd0-32bit-228-150.66.4
libudev-devel-228-150.66.4
libudev1-228-150.66.4
libudev1-32bit-228-150.66.4
systemd-228-150.66.4
systemd-32bit-228-150.66.4
systemd-bash-completion-228-150.66.4
systemd-sysvinit-228-150.66.4
udev-228-150.66.4
Ссылки
- Link for SUSE-SU-2019:1265-1
- E-Mail link for SUSE-SU-2019:1265-1
- SUSE Security Ratings
- SUSE Bug 1080919
- SUSE Bug 1121563
- SUSE Bug 1125352
- SUSE Bug 1126056
- SUSE Bug 1127557
- SUSE Bug 1128657
- SUSE Bug 1130230
- SUSE Bug 1132348
- SUSE Bug 1132400
- SUSE Bug 1132721
- SUSE Bug 955942
- SUSE CVE CVE-2018-6954 page
- SUSE CVE CVE-2019-3842 page
- SUSE CVE CVE-2019-6454 page
- SUSE Bug SLE-5933
Описание
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libsystemd0-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:libudev1-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:systemd-228-150.66.4
Container suse/sles12sp3:latest:libsystemd0-228-150.66.4
Ссылки
- CVE-2018-6954
- SUSE Bug 1080919
Описание
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libsystemd0-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:libudev1-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:systemd-228-150.66.4
Container suse/sles12sp3:latest:libsystemd0-228-150.66.4
Ссылки
- CVE-2019-3842
- SUSE Bug 1132348
Описание
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libsystemd0-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:libudev1-228-150.66.4
Container caasp/v4/nginx-ingress-controller:beta1:systemd-228-150.66.4
Container suse/sles12sp3:latest:libsystemd0-228-150.66.4
Ссылки
- CVE-2019-6454
- SUSE Bug 1125352