SUSE-SU-2018:0299-1: moderate: Security update for systemd

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jan 30 10:10:46 MST 2018


   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0299-1
Rating:             moderate
References:         #1048510 #1065276 #1066156 #1068251 #1070428 
                    #1071558 #1074254 #1075724 #1076308 #897422 
                    
Cross-References:   CVE-2017-15908 CVE-2018-1049
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE CaaS Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves two vulnerabilities and has 8 fixes
   is now available.

Description:

   This update for systemd fixes several issues.

   This security issue was fixed:

   - CVE-2018-1049: Prevent race that can lead to DoS when using automounts
     (bsc#1076308).

   These non-security issues were fixed:

   - core: don't choke if a unit another unit triggers vanishes during reload
   - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX
   - delta: extend skip logic to work on full directory paths (prefix+suffix)
     (bsc#1070428)
   - delta: check if a prefix needs to be skipped only once
   - delta: skip symlink paths when split-usr is enabled (#4591)
   - sysctl: use raw file descriptor in sysctl_write (#7753)
   - sd-netlink: don't take possesion of netlink fd from caller on failure
     (bsc#1074254)
   - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It
     was missing the following case: "/dev/disk/by-id/cr_-xxx".
   - sysctl: disable buffer while writing to /proc (bsc#1071558)
   - Use read_line() and LONG_LINE_MAX to read values configuration files.
     (bsc#1071558)
   - sysctl: no need to check for eof twice
   - def: add new constant LONG_LINE_MAX
   - fileio: add new helper call read_line() as bounded getline() replacement
   - service: Don't stop unneeded units needed by restarted service (#7526)
     (bsc#1066156)
   - gpt-auto-generator: fix the handling of the value returned by
     fstab_has_fstype() in add_swap() (#6280)
   - gpt-auto-generator: disable gpt auto logic for swaps if at least one is
     defined in fstab (bsc#897422)
   - fstab-util: introduce fstab_has_fstype() helper
   - fstab-generator: ignore root=/dev/nfs (#3591)
   - fstab-generator: don't process root= if it happens to be "gpt-auto"
     (#3452)
   - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662)
     (#7581) (bsc#1048510)
   - analyze: replace --no-man with --man=no in the man page (bsc#1068251)
   - udev: net_setup_link: don't error out when we couldn't apply link config
     (#7328)
   - Add missing /etc/systemd/network directory
   - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)
   - sd-bus: use -- when passing arguments to ssh (#6706)
   - systemctl: make sure we terminate the bus connection first, and then
     close the pager (#3550)
   - sd-bus: bump message queue size (bsc#1075724)
   - tmpfiles: downgrade warning about duplicate line


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-213=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-213=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-213=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-213=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-213=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-213=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-213=1

   - SUSE CaaS Platform ALL:

      zypper in -t patch SUSE-CAASP-ALL-2018-213=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-213=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-devel-228-150.29.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-devel-228-150.29.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libsystemd0-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libudev1-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      systemd-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      systemd-bash-completion-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libudev1-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      systemd-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libsystemd0-32bit-228-150.29.1
      libsystemd0-debuginfo-32bit-228-150.29.1
      libudev1-32bit-228-150.29.1
      libudev1-debuginfo-32bit-228-150.29.1
      systemd-32bit-228-150.29.1
      systemd-debuginfo-32bit-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      systemd-bash-completion-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libudev1-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      systemd-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):

      libsystemd0-32bit-228-150.29.1
      libsystemd0-debuginfo-32bit-228-150.29.1
      libudev1-32bit-228-150.29.1
      libudev1-debuginfo-32bit-228-150.29.1
      systemd-32bit-228-150.29.1
      systemd-debuginfo-32bit-228-150.29.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      systemd-bash-completion-228-150.29.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-32bit-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libsystemd0-debuginfo-32bit-228-150.29.1
      libudev1-228-150.29.1
      libudev1-32bit-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      libudev1-debuginfo-32bit-228-150.29.1
      systemd-228-150.29.1
      systemd-32bit-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debuginfo-32bit-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      systemd-bash-completion-228-150.29.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      systemd-bash-completion-228-150.29.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-32bit-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libsystemd0-debuginfo-32bit-228-150.29.1
      libudev1-228-150.29.1
      libudev1-32bit-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      libudev1-debuginfo-32bit-228-150.29.1
      systemd-228-150.29.1
      systemd-32bit-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debuginfo-32bit-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - SUSE CaaS Platform ALL (x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libudev1-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      systemd-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libsystemd0-228-150.29.1
      libsystemd0-debuginfo-228-150.29.1
      libudev1-228-150.29.1
      libudev1-debuginfo-228-150.29.1
      systemd-228-150.29.1
      systemd-debuginfo-228-150.29.1
      systemd-debugsource-228-150.29.1
      systemd-sysvinit-228-150.29.1
      udev-228-150.29.1
      udev-debuginfo-228-150.29.1


References:

   https://www.suse.com/security/cve/CVE-2017-15908.html
   https://www.suse.com/security/cve/CVE-2018-1049.html
   https://bugzilla.suse.com/1048510
   https://bugzilla.suse.com/1065276
   https://bugzilla.suse.com/1066156
   https://bugzilla.suse.com/1068251
   https://bugzilla.suse.com/1070428
   https://bugzilla.suse.com/1071558
   https://bugzilla.suse.com/1074254
   https://bugzilla.suse.com/1075724
   https://bugzilla.suse.com/1076308
   https://bugzilla.suse.com/897422



More information about the sle-security-updates mailing list