SUSE-SU-2019:1364-1: moderate: Security update for systemd
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue May 28 07:13:45 MDT 2019
SUSE Security Update: Security update for systemd
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1364-1
Rating: moderate
References: #1036463 #1121563 #1124122 #1125352 #1125604
#1126056 #1127557 #1130230 #1132348 #1132400
#1132721 #1133506 #1133509
Cross-References: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844
CVE-2019-6454
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________
An update that solves four vulnerabilities and has 9 fixes
is now available.
Description:
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could
be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message
(bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where
services with DynamicUser could gain new privileges or create SUID/SGID
binaries (bsc#1133506, bsc#1133509).
Non-security issued fixed:
- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into
the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per
batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1364=1
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1364=1
Package List:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
libsystemd0-mini-234-24.30.1
libsystemd0-mini-debuginfo-234-24.30.1
libudev-mini-devel-234-24.30.1
libudev-mini1-234-24.30.1
libudev-mini1-debuginfo-234-24.30.1
nss-myhostname-234-24.30.1
nss-myhostname-debuginfo-234-24.30.1
nss-mymachines-234-24.30.1
nss-mymachines-debuginfo-234-24.30.1
nss-systemd-234-24.30.1
nss-systemd-debuginfo-234-24.30.1
systemd-debuginfo-234-24.30.1
systemd-debugsource-234-24.30.1
systemd-logger-234-24.30.1
systemd-mini-234-24.30.1
systemd-mini-container-mini-234-24.30.1
systemd-mini-container-mini-debuginfo-234-24.30.1
systemd-mini-coredump-mini-234-24.30.1
systemd-mini-coredump-mini-debuginfo-234-24.30.1
systemd-mini-debuginfo-234-24.30.1
systemd-mini-debugsource-234-24.30.1
systemd-mini-devel-234-24.30.1
systemd-mini-sysvinit-234-24.30.1
udev-mini-234-24.30.1
udev-mini-debuginfo-234-24.30.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
systemd-mini-bash-completion-234-24.30.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
libsystemd0-234-24.30.1
libsystemd0-debuginfo-234-24.30.1
libudev-devel-234-24.30.1
libudev1-234-24.30.1
libudev1-debuginfo-234-24.30.1
systemd-234-24.30.1
systemd-container-234-24.30.1
systemd-container-debuginfo-234-24.30.1
systemd-coredump-234-24.30.1
systemd-coredump-debuginfo-234-24.30.1
systemd-debuginfo-234-24.30.1
systemd-debugsource-234-24.30.1
systemd-devel-234-24.30.1
systemd-sysvinit-234-24.30.1
udev-234-24.30.1
udev-debuginfo-234-24.30.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
libsystemd0-32bit-234-24.30.1
libsystemd0-32bit-debuginfo-234-24.30.1
libudev1-32bit-234-24.30.1
libudev1-32bit-debuginfo-234-24.30.1
systemd-32bit-234-24.30.1
systemd-32bit-debuginfo-234-24.30.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
systemd-bash-completion-234-24.30.1
References:
https://www.suse.com/security/cve/CVE-2019-3842.html
https://www.suse.com/security/cve/CVE-2019-3843.html
https://www.suse.com/security/cve/CVE-2019-3844.html
https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1036463
https://bugzilla.suse.com/1121563
https://bugzilla.suse.com/1124122
https://bugzilla.suse.com/1125352
https://bugzilla.suse.com/1125604
https://bugzilla.suse.com/1126056
https://bugzilla.suse.com/1127557
https://bugzilla.suse.com/1130230
https://bugzilla.suse.com/1132348
https://bugzilla.suse.com/1132400
https://bugzilla.suse.com/1132721
https://bugzilla.suse.com/1133506
https://bugzilla.suse.com/1133509
More information about the sle-security-updates
mailing list