Описание
Security update for systemd
This update for systemd provides the following fixes:
Security issues fixed:
- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)
Non-security issues fixed:
- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when settting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected none state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:0098-1
- SUSE Security Ratings
- SUSE Bug 1005023
- SUSE Bug 1045723
- SUSE Bug 1076696
- SUSE Bug 1080919
- SUSE Bug 1093753
- SUSE Bug 1101591
- SUSE Bug 1111498
- SUSE Bug 1114933
- SUSE Bug 1117063
- SUSE Bug 1119971
- SUSE Bug 1120323
- SUSE CVE CVE-2018-16864 page
- SUSE CVE CVE-2018-16865 page
- SUSE CVE CVE-2018-16866 page
- SUSE CVE CVE-2018-6954 page
Описание
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
Затронутые продукты
Ссылки
- CVE-2018-16864
- SUSE Bug 1108912
- SUSE Bug 1120323
- SUSE Bug 1122265
- SUSE Bug 1188063
Описание
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Затронутые продукты
Ссылки
- CVE-2018-16865
- SUSE Bug 1108912
- SUSE Bug 1120323
- SUSE Bug 1122265
- SUSE Bug 1188063
Описание
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
Затронутые продукты
Ссылки
- CVE-2018-16866
- SUSE Bug 1108912
- SUSE Bug 1120323
- SUSE Bug 1122265
- SUSE Bug 1126183
Описание
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
Затронутые продукты
Ссылки
- CVE-2018-6954
- SUSE Bug 1080919