
openSUSE-SU-2019:1450-1

Published: May 27, 2019
Source: suse-cvrf

Description

Security update for systemd

This update for systemd fixes the following issues:

Security issues fixed:

  • CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
  • CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
  • CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).

Non-security issues fixed:

  • systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
  • udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
  • sd-bus: bump message queue size again (bsc#1132721)
  • core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
  • rules: load drivers only on 'add' events (bsc#1126056)
  • sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
  • Do not automatically online memory on s390x (bsc#1127557)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.3
libsystemd0-228-71.1
libsystemd0-32bit-228-71.1
libsystemd0-mini-228-71.1
libudev-devel-228-71.1
libudev-mini-devel-228-71.1
libudev-mini1-228-71.1
libudev1-228-71.1
libudev1-32bit-228-71.1
nss-myhostname-228-71.1
nss-myhostname-32bit-228-71.1
nss-mymachines-228-71.1
systemd-228-71.1
systemd-32bit-228-71.1
systemd-bash-completion-228-71.1
systemd-devel-228-71.1
systemd-logger-228-71.1
systemd-mini-228-71.1
systemd-mini-bash-completion-228-71.1
systemd-mini-devel-228-71.1
systemd-mini-sysvinit-228-71.1
systemd-sysvinit-228-71.1
udev-228-71.1
udev-mini-228-71.1

Description

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.


Affected products
openSUSE Leap 42.3:libsystemd0-228-71.1
openSUSE Leap 42.3:libsystemd0-32bit-228-71.1
openSUSE Leap 42.3:libsystemd0-mini-228-71.1
openSUSE Leap 42.3:libudev-devel-228-71.1


Description

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".


Affected products
openSUSE Leap 42.3:libsystemd0-228-71.1
openSUSE Leap 42.3:libsystemd0-32bit-228-71.1
openSUSE Leap 42.3:libsystemd0-mini-228-71.1
openSUSE Leap 42.3:libudev-devel-228-71.1


Description

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).


Affected products
openSUSE Leap 42.3:libsystemd0-228-71.1
openSUSE Leap 42.3:libsystemd0-32bit-228-71.1
openSUSE Leap 42.3:libsystemd0-mini-228-71.1
openSUSE Leap 42.3:libudev-devel-228-71.1
