SUSE-SU-2017:2031-1: moderate: Security update for systemd

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Aug 3 07:07:12 MDT 2017


   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2031-1
Rating:             moderate
References:         #1004995 #1029102 #1029516 #1032029 #1033238 
                    #1036873 #1037120 #1038865 #1040153 #1040258 
                    #1040614 #1040942 #1040968 #1043758 #1043900 
                    #1045290 #1046750 #982303 #986216 
Cross-References:   CVE-2017-9217 CVE-2017-9445
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 17 fixes
   is now available.

Description:

   This update for systemd provides several fixes and enhancements.

   Security issues fixed:

   - CVE-2017-9217: Null pointer dereferencing that could lead to resolved
     aborting. (bsc#1040614)
   - CVE-2017-9445: Possible out-of-bounds write triggered by a specially
     crafted TCP payload from a DNS server. (bsc#1045290)

   The update also fixed several non-security bugs:

   - core/mount: Use the "-c" flag to not canonicalize paths when calling
     /bin/umount
   - automount: Handle expire_tokens when the mount unit changes its state
     (bsc#1040942)
   - automount: Rework propagation between automount and mount units
   - build: Make sure tmpfiles.d/systemd-remote.conf get installed when
     necessary
   - build: Fix systemd-journal-upload installation
   - basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
   - virt: Make sure some errors are not ignored
   - fstab-generator: Do not skip Before= ordering for noauto mountpoints
   - fstab-gen: Do not convert device timeout into seconds when initializing
     JobTimeoutSec
   - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
   - fstab-generator: Apply the _netdev option also to device units
     (bsc#1004995)
   - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
   - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
   - rules: Export NVMe WWID udev attribute (bsc#1038865)
   - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
   - rules: Add rules for NVMe devices
   - sysusers: Make group shadow support configurable (bsc#1029516)
   - core: When deserializing a unit, fully restore its cgroup state
     (bsc#1029102)
   - core: Introduce cg_mask_from_string()/cg_mask_to_string()
   - core:execute: Fix handling failures of calling fork() in exec_spawn()
     (bsc#1040258)
   - Fix systemd-sysv-convert when a package starts shipping service units
     (bsc#982303) The database might be missing when upgrading a package
     which was shipping no sysv init scripts nor unit files (at the time
     --save was called) but the new version start shipping unit files.
   - Disable group shadow support (bsc#1029516)
   - Only check signature job error if signature job exists (bsc#1043758)
   - Automounter issue in combination with NFS volumes (bsc#1040968)
   - Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
   - Add minimal support for boot.d/* scripts in systemd-sysv-convert
     (bsc#1046750)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1245=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1245=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1245=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-devel-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libsystemd0-228-150.9.3
      libsystemd0-debuginfo-228-150.9.3
      libudev1-228-150.9.3
      libudev1-debuginfo-228-150.9.3
      systemd-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-sysvinit-228-150.9.3
      udev-228-150.9.3
      udev-debuginfo-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libsystemd0-32bit-228-150.9.3
      libsystemd0-debuginfo-32bit-228-150.9.3
      libudev1-32bit-228-150.9.3
      libudev1-debuginfo-32bit-228-150.9.3
      systemd-32bit-228-150.9.3
      systemd-debuginfo-32bit-228-150.9.3

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      systemd-bash-completion-228-150.9.3

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      systemd-bash-completion-228-150.9.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libsystemd0-228-150.9.3
      libsystemd0-32bit-228-150.9.3
      libsystemd0-debuginfo-228-150.9.3
      libsystemd0-debuginfo-32bit-228-150.9.3
      libudev1-228-150.9.3
      libudev1-32bit-228-150.9.3
      libudev1-debuginfo-228-150.9.3
      libudev1-debuginfo-32bit-228-150.9.3
      systemd-228-150.9.3
      systemd-32bit-228-150.9.3
      systemd-debuginfo-228-150.9.3
      systemd-debuginfo-32bit-228-150.9.3
      systemd-debugsource-228-150.9.3
      systemd-sysvinit-228-150.9.3
      udev-228-150.9.3
      udev-debuginfo-228-150.9.3


References:

   https://www.suse.com/security/cve/CVE-2017-9217.html
   https://www.suse.com/security/cve/CVE-2017-9445.html
   https://bugzilla.suse.com/1004995
   https://bugzilla.suse.com/1029102
   https://bugzilla.suse.com/1029516
   https://bugzilla.suse.com/1032029
   https://bugzilla.suse.com/1033238
   https://bugzilla.suse.com/1036873
   https://bugzilla.suse.com/1037120
   https://bugzilla.suse.com/1038865
   https://bugzilla.suse.com/1040153
   https://bugzilla.suse.com/1040258
   https://bugzilla.suse.com/1040614
   https://bugzilla.suse.com/1040942
   https://bugzilla.suse.com/1040968
   https://bugzilla.suse.com/1043758
   https://bugzilla.suse.com/1043900
   https://bugzilla.suse.com/1045290
   https://bugzilla.suse.com/1046750
   https://bugzilla.suse.com/982303
   https://bugzilla.suse.com/986216



More information about the sle-updates mailing list