SUSE-SU-2016:1346-1: moderate: Security update for systemd
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed May 18 11:08:00 MDT 2016
SUSE Security Update: Security update for systemd
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:1346-1
Rating: moderate
References: #959886 #960158 #963230 #965897 #967122 #970423
#970860 #972612 #972727 #973848 #976766 #978275
Cross-References: CVE-2014-9770 CVE-2015-8842
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that solves two vulnerabilities and has 10 fixes
is now available.
Description:
This update for SystemD provides fixes and enhancements.
The following security issue has been fixed:
- Don't allow read access to journal files to users. (bsc#972612,
CVE-2014-9770, CVE-2015-8842)
The following non-security issues have been fixed:
- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking.
(bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the
directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on
files/directories.
- No need to pass --all if inactive is explicitly requested in list-units.
(bsc#967122)
- Fix automount option and don't start associated mount unit at boot.
(bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and
console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP1:
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-790=1
- SUSE Linux Enterprise Server 12-SP1:
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-790=1
- SUSE Linux Enterprise Desktop 12-SP1:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-790=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
libgudev-1_0-devel-210-104.1
libudev-devel-210-104.1
systemd-debuginfo-210-104.1
systemd-debugsource-210-104.1
systemd-devel-210-104.1
typelib-1_0-GUdev-1_0-210-104.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
libgudev-1_0-0-210-104.1
libgudev-1_0-0-debuginfo-210-104.1
libudev1-210-104.1
libudev1-debuginfo-210-104.1
systemd-210-104.1
systemd-debuginfo-210-104.1
systemd-debugsource-210-104.1
systemd-sysvinit-210-104.1
udev-210-104.1
udev-debuginfo-210-104.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
libgudev-1_0-0-32bit-210-104.1
libgudev-1_0-0-debuginfo-32bit-210-104.1
libudev1-32bit-210-104.1
libudev1-debuginfo-32bit-210-104.1
systemd-32bit-210-104.1
systemd-debuginfo-32bit-210-104.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
systemd-bash-completion-210-104.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
systemd-bash-completion-210-104.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
libgudev-1_0-0-210-104.1
libgudev-1_0-0-32bit-210-104.1
libgudev-1_0-0-debuginfo-210-104.1
libgudev-1_0-0-debuginfo-32bit-210-104.1
libudev1-210-104.1
libudev1-32bit-210-104.1
libudev1-debuginfo-210-104.1
libudev1-debuginfo-32bit-210-104.1
systemd-210-104.1
systemd-32bit-210-104.1
systemd-debuginfo-210-104.1
systemd-debuginfo-32bit-210-104.1
systemd-debugsource-210-104.1
systemd-sysvinit-210-104.1
udev-210-104.1
udev-debuginfo-210-104.1
References:
https://www.suse.com/security/cve/CVE-2014-9770.html
https://www.suse.com/security/cve/CVE-2015-8842.html
https://bugzilla.suse.com/959886
https://bugzilla.suse.com/960158
https://bugzilla.suse.com/963230
https://bugzilla.suse.com/965897
https://bugzilla.suse.com/967122
https://bugzilla.suse.com/970423
https://bugzilla.suse.com/970860
https://bugzilla.suse.com/972612
https://bugzilla.suse.com/972727
https://bugzilla.suse.com/973848
https://bugzilla.suse.com/976766
https://bugzilla.suse.com/978275
More information about the sle-security-updates
mailing list