Description
Security update for systemd
This update for systemd fixes the following issues:
- Updated to version 246.15
- CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063)
- CVE-2020-13529: Fixed an issue where a crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972)
Package list
openSUSE Leap 15.3
libsystemd0-246.15-7.11.1
libsystemd0-32bit-246.15-7.11.1
libudev-devel-246.15-7.11.1
libudev-devel-32bit-246.15-7.11.1
libudev1-246.15-7.11.1
libudev1-32bit-246.15-7.11.1
nss-myhostname-246.15-7.11.1
nss-myhostname-32bit-246.15-7.11.1
nss-mymachines-246.15-7.11.1
nss-mymachines-32bit-246.15-7.11.1
nss-resolve-246.15-7.11.1
nss-systemd-246.15-7.11.1
systemd-246.15-7.11.1
systemd-32bit-246.15-7.11.1
systemd-container-246.15-7.11.1
systemd-coredump-246.15-7.11.1
systemd-devel-246.15-7.11.1
systemd-doc-246.15-7.11.1
systemd-journal-remote-246.15-7.11.1
systemd-lang-246.15-7.11.1
systemd-logger-246.15-7.11.1
systemd-network-246.15-7.11.1
systemd-sysvinit-246.15-7.11.1
udev-246.15-7.11.1
References
- E-Mail link for openSUSE-SU-2021:2809-1
- SUSE Security Ratings
- SUSE Bug 1166028
- SUSE Bug 1171962
- SUSE Bug 1184994
- SUSE Bug 1185972
- SUSE Bug 1188063
- SUSE CVE CVE-2020-13529 page
- SUSE CVE CVE-2021-33910 page
Description
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.
Affected products
openSUSE Leap 15.3:libsystemd0-246.15-7.11.1
openSUSE Leap 15.3:libsystemd0-32bit-246.15-7.11.1
openSUSE Leap 15.3:libudev-devel-246.15-7.11.1
openSUSE Leap 15.3:libudev-devel-32bit-246.15-7.11.1
References
- CVE-2020-13529
- SUSE Bug 1185972
Description
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
Affected products
openSUSE Leap 15.3:libsystemd0-246.15-7.11.1
openSUSE Leap 15.3:libsystemd0-32bit-246.15-7.11.1
openSUSE Leap 15.3:libudev-devel-246.15-7.11.1
openSUSE Leap 15.3:libudev-devel-32bit-246.15-7.11.1
References
- CVE-2021-33910
- SUSE Bug 1188062
- SUSE Bug 1188063