Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:4279-1

Опубликовано: 29 нояб. 2022
Источник: suse-cvrf

Описание

Security update for systemd

This update for systemd fixes the following issues:

  • CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

  • Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234

    • 20743c1a44 logind: fix crash in logind on user-specified message string
    • b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
    • 2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
    • 3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
    • 4b56c3540a parse-util: introduce pid_is_valid()
    • aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest
libsystemd0-228-157.43.2
libudev1-228-157.43.2
Container suse/sles12sp5:latest
libsystemd0-228-157.43.2
libudev1-228-157.43.2
Image SLES12-SP5-Azure-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-Basic-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-HPC-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-HPC-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-SAP-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-SAP-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-Azure-Standard-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-EC2-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-EC2-ECS-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-EC2-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-EC2-SAP-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-EC2-SAP-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-GCE-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-GCE-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-GCE-SAP-BYOS
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-GCE-SAP-On-Demand
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libsystemd0-228-157.43.2
libudev1-228-157.43.2
systemd-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
SUSE Linux Enterprise Server 12 SP5
libsystemd0-228-157.43.2
libsystemd0-32bit-228-157.43.2
libudev-devel-228-157.43.2
libudev1-228-157.43.2
libudev1-32bit-228-157.43.2
systemd-228-157.43.2
systemd-32bit-228-157.43.2
systemd-bash-completion-228-157.43.2
systemd-devel-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libsystemd0-228-157.43.2
libsystemd0-32bit-228-157.43.2
libudev-devel-228-157.43.2
libudev1-228-157.43.2
libudev1-32bit-228-157.43.2
systemd-228-157.43.2
systemd-32bit-228-157.43.2
systemd-bash-completion-228-157.43.2
systemd-devel-228-157.43.2
systemd-sysvinit-228-157.43.2
udev-228-157.43.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libudev-devel-228-157.43.2
systemd-devel-228-157.43.2

Ссылки

Описание

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libsystemd0-228-157.43.2
Container suse/ltss/sle12.5/sles12sp5:latest:libudev1-228-157.43.2
Container suse/sles12sp5:latest:libsystemd0-228-157.43.2
Container suse/sles12sp5:latest:libudev1-228-157.43.2
Ссылки
Уязвимость SUSE-SU-2022:4279-1