SUSE-SU-2017:1773-1: moderate: Security update for systemd

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 4 13:15:00 MDT 2017


   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1773-1
Rating:             moderate
References:         #1004995 #1029102 #1029516 #1036873 #1038865 
                    #1040258 #1040614 #1040942 #1043758 #982303 
                    
Cross-References:   CVE-2017-9217
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has 9 fixes is
   now available.

Description:

   This update for systemd fixes the following issues:

   Security issue fixed:

   - CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that
     could lead to resolved aborting (bsc#1040614)

   The update also fixed several non-security bugs:

   - core/mount: Use the "-c" flag to not canonicalize paths when calling
     /bin/umount
   - automount: Handle expire_tokens when the mount unit changes its state
     (bsc#1040942)
   - automount: Rework propagation between automount and mount units
   - build: Make sure tmpfiles.d/systemd-remote.conf get installed when
     necessary
   - build: Fix systemd-journal-upload installation
   - basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
   - virt: Make sure some errors are not ignored
   - fstab-generator: Do not skip Before= ordering for noauto mountpoints
   - fstab-gen: Do not convert device timeout into seconds when initializing
     JobTimeoutSec
   - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
   - fstab-generator: Apply the _netdev option also to device units
     (bsc#1004995)
   - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
   - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
   - rules: Export NVMe WWID udev attribute (bsc#1038865)
   - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
   - rules: Add rules for NVMe devices
   - sysusers: Make group shadow support configurable (bsc#1029516)
   - core: When deserializing a unit, fully restore its cgroup state
     (bsc#1029102)
   - core: Introduce cg_mask_from_string()/cg_mask_to_string()
   - core:execute: Fix handling failures of calling fork() in exec_spawn()
     (bsc#1040258)
   - Fix systemd-sysv-convert when a package starts shipping service units
     (bsc#982303) The database might be missing when upgrading a package
     which was shipping no sysv init scripts nor unit files (at the time
     --save was called) but the new version start shipping unit files.
   - Disable group shadow support (bsc#1029516)
   - Only check signature job error if signature job exists (bsc#1043758)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1104=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1104=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1104=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1104=1

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1104=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-149.3
      systemd-debuginfo-228-149.3
      systemd-debugsource-228-149.3
      systemd-devel-228-149.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libsystemd0-228-149.3
      libsystemd0-debuginfo-228-149.3
      libudev1-228-149.3
      libudev1-debuginfo-228-149.3
      systemd-228-149.3
      systemd-debuginfo-228-149.3
      systemd-debugsource-228-149.3
      systemd-sysvinit-228-149.3
      udev-228-149.3
      udev-debuginfo-228-149.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      systemd-bash-completion-228-149.3

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libsystemd0-228-149.3
      libsystemd0-debuginfo-228-149.3
      libudev1-228-149.3
      libudev1-debuginfo-228-149.3
      systemd-228-149.3
      systemd-debuginfo-228-149.3
      systemd-debugsource-228-149.3
      systemd-sysvinit-228-149.3
      udev-228-149.3
      udev-debuginfo-228-149.3

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      systemd-bash-completion-228-149.3

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libsystemd0-32bit-228-149.3
      libsystemd0-debuginfo-32bit-228-149.3
      libudev1-32bit-228-149.3
      libudev1-debuginfo-32bit-228-149.3
      systemd-32bit-228-149.3
      systemd-debuginfo-32bit-228-149.3

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libsystemd0-228-149.3
      libsystemd0-32bit-228-149.3
      libsystemd0-debuginfo-228-149.3
      libsystemd0-debuginfo-32bit-228-149.3
      libudev1-228-149.3
      libudev1-32bit-228-149.3
      libudev1-debuginfo-228-149.3
      libudev1-debuginfo-32bit-228-149.3
      systemd-228-149.3
      systemd-32bit-228-149.3
      systemd-debuginfo-228-149.3
      systemd-debuginfo-32bit-228-149.3
      systemd-debugsource-228-149.3
      systemd-sysvinit-228-149.3
      udev-228-149.3
      udev-debuginfo-228-149.3

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      systemd-bash-completion-228-149.3

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libsystemd0-228-149.3
      libsystemd0-debuginfo-228-149.3
      libudev1-228-149.3
      libudev1-debuginfo-228-149.3
      systemd-228-149.3
      systemd-debuginfo-228-149.3
      systemd-debugsource-228-149.3
      systemd-sysvinit-228-149.3
      udev-228-149.3
      udev-debuginfo-228-149.3


References:

   https://www.suse.com/security/cve/CVE-2017-9217.html
   https://bugzilla.suse.com/1004995
   https://bugzilla.suse.com/1029102
   https://bugzilla.suse.com/1029516
   https://bugzilla.suse.com/1036873
   https://bugzilla.suse.com/1038865
   https://bugzilla.suse.com/1040258
   https://bugzilla.suse.com/1040614
   https://bugzilla.suse.com/1040942
   https://bugzilla.suse.com/1043758
   https://bugzilla.suse.com/982303



More information about the sle-security-updates mailing list