SUSE-SU-2018:0299-1: moderate: Security update for systemd
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jan 30 10:10:46 MST 2018
SUSE Security Update: Security update for systemd
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:0299-1
Rating: moderate
References: #1048510 #1065276 #1066156 #1068251 #1070428
#1071558 #1074254 #1075724 #1076308 #897422
Cross-References: CVE-2017-15908 CVE-2018-1049
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
SUSE CaaS Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves two vulnerabilities and has 8 fixes
is now available.
Description:
This update for systemd fixes several issues.
This security issue was fixed:
- CVE-2018-1049: Prevent race that can lead to DoS when using automounts
(bsc#1076308).
These non-security issues were fixed:
- core: don't choke if a unit another unit triggers vanishes during reload
- delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX
- delta: extend skip logic to work on full directory paths (prefix+suffix)
(bsc#1070428)
- delta: check if a prefix needs to be skipped only once
- delta: skip symlink paths when split-usr is enabled (#4591)
- sysctl: use raw file descriptor in sysctl_write (#7753)
- sd-netlink: don't take possesion of netlink fd from caller on failure
(bsc#1074254)
- Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It
was missing the following case: "/dev/disk/by-id/cr_-xxx".
- sysctl: disable buffer while writing to /proc (bsc#1071558)
- Use read_line() and LONG_LINE_MAX to read values configuration files.
(bsc#1071558)
- sysctl: no need to check for eof twice
- def: add new constant LONG_LINE_MAX
- fileio: add new helper call read_line() as bounded getline() replacement
- service: Don't stop unneeded units needed by restarted service (#7526)
(bsc#1066156)
- gpt-auto-generator: fix the handling of the value returned by
fstab_has_fstype() in add_swap() (#6280)
- gpt-auto-generator: disable gpt auto logic for swaps if at least one is
defined in fstab (bsc#897422)
- fstab-util: introduce fstab_has_fstype() helper
- fstab-generator: ignore root=/dev/nfs (#3591)
- fstab-generator: don't process root= if it happens to be "gpt-auto"
(#3452)
- virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662)
(#7581) (bsc#1048510)
- analyze: replace --no-man with --man=no in the man page (bsc#1068251)
- udev: net_setup_link: don't error out when we couldn't apply link config
(#7328)
- Add missing /etc/systemd/network directory
- Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)
- sd-bus: use -- when passing arguments to ssh (#6706)
- systemctl: make sure we terminate the bus connection first, and then
close the pager (#3550)
- sd-bus: bump message queue size (bsc#1075724)
- tmpfiles: downgrade warning about duplicate line
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-213=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-213=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-213=1
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-213=1
- SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-213=1
- SUSE Linux Enterprise Desktop 12-SP3:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-213=1
- SUSE Linux Enterprise Desktop 12-SP2:
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-213=1
- SUSE CaaS Platform ALL:
zypper in -t patch SUSE-CAASP-ALL-2018-213=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-213=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
libudev-devel-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-devel-228-150.29.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
libudev-devel-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-devel-228-150.29.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
libsystemd0-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libudev1-228-150.29.1
libudev1-debuginfo-228-150.29.1
systemd-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
systemd-bash-completion-228-150.29.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
libsystemd0-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libudev1-228-150.29.1
libudev1-debuginfo-228-150.29.1
systemd-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
libsystemd0-32bit-228-150.29.1
libsystemd0-debuginfo-32bit-228-150.29.1
libudev1-32bit-228-150.29.1
libudev1-debuginfo-32bit-228-150.29.1
systemd-32bit-228-150.29.1
systemd-debuginfo-32bit-228-150.29.1
- SUSE Linux Enterprise Server 12-SP3 (noarch):
systemd-bash-completion-228-150.29.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
libsystemd0-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libudev1-228-150.29.1
libudev1-debuginfo-228-150.29.1
systemd-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
libsystemd0-32bit-228-150.29.1
libsystemd0-debuginfo-32bit-228-150.29.1
libudev1-32bit-228-150.29.1
libudev1-debuginfo-32bit-228-150.29.1
systemd-32bit-228-150.29.1
systemd-debuginfo-32bit-228-150.29.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
systemd-bash-completion-228-150.29.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libsystemd0-debuginfo-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
libudev1-debuginfo-228-150.29.1
libudev1-debuginfo-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debuginfo-32bit-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
systemd-bash-completion-228-150.29.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
systemd-bash-completion-228-150.29.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
libsystemd0-228-150.29.1
libsystemd0-32bit-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libsystemd0-debuginfo-32bit-228-150.29.1
libudev1-228-150.29.1
libudev1-32bit-228-150.29.1
libudev1-debuginfo-228-150.29.1
libudev1-debuginfo-32bit-228-150.29.1
systemd-228-150.29.1
systemd-32bit-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debuginfo-32bit-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- SUSE CaaS Platform ALL (x86_64):
libsystemd0-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libudev1-228-150.29.1
libudev1-debuginfo-228-150.29.1
systemd-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
libsystemd0-228-150.29.1
libsystemd0-debuginfo-228-150.29.1
libudev1-228-150.29.1
libudev1-debuginfo-228-150.29.1
systemd-228-150.29.1
systemd-debuginfo-228-150.29.1
systemd-debugsource-228-150.29.1
systemd-sysvinit-228-150.29.1
udev-228-150.29.1
udev-debuginfo-228-150.29.1
References:
https://www.suse.com/security/cve/CVE-2017-15908.html
https://www.suse.com/security/cve/CVE-2018-1049.html
https://bugzilla.suse.com/1048510
https://bugzilla.suse.com/1065276
https://bugzilla.suse.com/1066156
https://bugzilla.suse.com/1068251
https://bugzilla.suse.com/1070428
https://bugzilla.suse.com/1071558
https://bugzilla.suse.com/1074254
https://bugzilla.suse.com/1075724
https://bugzilla.suse.com/1076308
https://bugzilla.suse.com/897422
More information about the sle-security-updates
mailing list