Описание
Security update for systemd
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
Bug fixes:
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
Список пакетов
Container suse/sles12sp4:latest
libsystemd0-228-150.108.2
libudev1-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
SUSE Linux Enterprise Server 12 SP4-ESPOS
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev-devel-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
SUSE Linux Enterprise Server 12 SP4-LTSS
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev-devel-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev-devel-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
SUSE OpenStack Cloud 9
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev-devel-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
SUSE OpenStack Cloud Crowbar 9
libsystemd0-228-150.108.2
libsystemd0-32bit-228-150.108.2
libudev-devel-228-150.108.2
libudev1-228-150.108.2
libudev1-32bit-228-150.108.2
systemd-228-150.108.2
systemd-32bit-228-150.108.2
systemd-bash-completion-228-150.108.2
systemd-devel-228-150.108.2
systemd-sysvinit-228-150.108.2
udev-228-150.108.2
Ссылки
- Link for SUSE-SU-2023:1776-1
- E-Mail link for SUSE-SU-2023:1776-1
- SUSE Security Ratings
- SUSE Bug 1191502
- SUSE Bug 1195529
- SUSE Bug 1197244
- SUSE Bug 1198507
- SUSE Bug 1204423
- SUSE Bug 1204968
- SUSE Bug 1205000
- SUSE Bug 1206985
- SUSE Bug 1208958
- SUSE CVE CVE-2022-3821 page
- SUSE CVE CVE-2022-4415 page
- SUSE CVE CVE-2023-26604 page
Описание
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
Затронутые продукты
Container suse/sles12sp4:latest:libsystemd0-228-150.108.2
Container suse/sles12sp4:latest:libudev1-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-32bit-228-150.108.2
Ссылки
- CVE-2022-3821
- SUSE Bug 1204968
Описание
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Затронутые продукты
Container suse/sles12sp4:latest:libsystemd0-228-150.108.2
Container suse/sles12sp4:latest:libudev1-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-32bit-228-150.108.2
Ссылки
- CVE-2022-4415
- SUSE Bug 1205000
Описание
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
Затронутые продукты
Container suse/sles12sp4:latest:libsystemd0-228-150.108.2
Container suse/sles12sp4:latest:libudev1-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-228-150.108.2
SUSE Linux Enterprise Server 12 SP2-BCL:libsystemd0-32bit-228-150.108.2
Ссылки
- CVE-2023-26604
- SUSE Bug 1208958
- SUSE Bug 1210451