SUSE-SU-2018:3644-1 -- SLES systemd, libsystemd0, libudev-devel, libudev1, udev
ID: oval:org.secpod.oval:def:89049700 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for systemd fixes the following issues:

Security issues fixed:
- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd.
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation.

Non security issues fixed:
- dhcp6: split assert_return to be more debuggable when hit
- core: skip unit deserialization and move to the next one when unit_deserialize fails
- core: properly handle deserialization of unknown unit types
- core: don't create Requires for workdir if "missing ok"
- logind: use manager_get_user_by_pid where appropriate
- logind: rework manager_get_{user|session}_by_pid a bit
- login: fix user@.service case, so we don't allow nested sessions
- core: be more defensive if we can't determine per-connection socket peer
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing "continue" statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket
- core: make "tmpfs" dependencies on swapfs a "default" dep, not an "implicit"
- mount: make sure we unmount tmpfs mounts before we deactivate swaps
- detect-virt: do not try to read all of /proc/cpuinfo
- emergency: make sure console password agents don't interfere with the emergency shell
- man: document that "nofail" also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority
- journal: fix syslog_parse_identifier
- install: drop left-over debug message
- Ship systemd-sysv-install helper via the main package. This script was part of the systemd-sysvinit sub-package, but that was wrong, since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it has never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used.
- man: SystemMaxUse= clarification in journald.conf.
- systemctl: load unit if needed in "systemctl is-active"
- core: don't freeze OnCalendar= timer units when the clock goes back a lot
- Enable or disable machines.target according to the presets
- cryptsetup: add support for sector-size= option
- nspawn: always use permission mode 555 for /sys
- Bugfix for a race condition between daemon-reload and other commands
- Fixes an issue where login with root credentials was not possible in init level 5
- Fix an issue where services of type "notify" harmless DENIED log entries.
- No longer adjusts qgroups on existing subvolumes
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
systemd |
libsystemd0 |
libudev-devel |
libudev1 |
udev |