Описание
Security update for systemd
This update for systemd provides the following fixes:
- CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
- sd-bus: Deal with cookie overruns. (bsc#1150595)
- rules: Add by-id symlinks for persistent memory. (bsc#1140631)
- Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948)
- Fix warnings thrown during package installation (bsc#1154043)
- Fix for systemctl hanging by restart. (bsc#1139459)
- man: mention that alias names are only effective after 'systemctl enable'. (bsc#1151377)
- ask-password: improve log message when inotify limit is reached. (bsc#1155574)
- udevd: wait for workers to finish when exiting. (bsc#1106383)
- core: fragments of masked units ought not be considered for NeedDaemonReload. (bsc#1156482)
- udev: fix 'NULL' deref when executing rules. (bsc#1151506)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libsystemd0-228-157.9.1
libudev1-228-157.9.1
Container suse/sles12sp5:latest
libsystemd0-228-157.9.1
libudev1-228-157.9.1
Image SLES12-SP5-Azure-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-Basic-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-HPC-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-HPC-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-SAP-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-SAP-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-Azure-Standard-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-EC2-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-EC2-ECS-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-EC2-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-EC2-SAP-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-EC2-SAP-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-GCE-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-GCE-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-GCE-SAP-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-GCE-SAP-On-Demand
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-OCI-BYOS-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libsystemd0-228-157.9.1
libudev1-228-157.9.1
systemd-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
SUSE Linux Enterprise Server 12 SP5
libsystemd0-228-157.9.1
libsystemd0-32bit-228-157.9.1
libudev1-228-157.9.1
libudev1-32bit-228-157.9.1
systemd-228-157.9.1
systemd-32bit-228-157.9.1
systemd-bash-completion-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libsystemd0-228-157.9.1
libsystemd0-32bit-228-157.9.1
libudev1-228-157.9.1
libudev1-32bit-228-157.9.1
systemd-228-157.9.1
systemd-32bit-228-157.9.1
systemd-bash-completion-228-157.9.1
systemd-sysvinit-228-157.9.1
udev-228-157.9.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libudev-devel-228-157.9.1
systemd-devel-228-157.9.1
Ссылки
- Link for SUSE-SU-2020:0353-1
- E-Mail link for SUSE-SU-2020:0353-1
- SUSE Security Ratings
- SUSE Bug 1106383
- SUSE Bug 1127557
- SUSE Bug 1133495
- SUSE Bug 1139459
- SUSE Bug 1140631
- SUSE Bug 1150595
- SUSE Bug 1151377
- SUSE Bug 1151506
- SUSE Bug 1154043
- SUSE Bug 1154948
- SUSE Bug 1155574
- SUSE Bug 1156482
- SUSE Bug 1159814
- SUSE Bug 1162108
- SUSE CVE CVE-2020-1712 page
Описание
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libsystemd0-228-157.9.1
Container suse/ltss/sle12.5/sles12sp5:latest:libudev1-228-157.9.1
Container suse/sles12sp5:latest:libsystemd0-228-157.9.1
Container suse/sles12sp5:latest:libudev1-228-157.9.1
Ссылки
- CVE-2020-1712
- SUSE Bug 1162108