Security update for systemd
Announcement ID: | SUSE-SU-2016:1351-1 |
Rating: | moderate |
References: | #959886 #960158 #963230 #965897 #967122 #970423 #970860 #972612 #972727 #973848 #976766 #978275 |
Affected Products: |
An update that solves two vulnerabilities and has 10 fixes is now available.
Description:
This update for SystemD provides fixes and enhancements.
The following security issue has been fixed:
- Don't allow read access to journal files to users. (bsc#972612,
CVE-2014-9770, CVE-2015-8842)
The following non-security issues have been fixed:
- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking.
(bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the
directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on
files/directories.
- No need to pass --all if inactive is explicitly requested in list-units.
(bsc#967122)
- Fix automount option and don't start associated mount unit at boot.
(bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and
console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2016-791=1
- SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2016-791=1
- SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-791=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
- libgudev-1_0-devel-210-70.48.1
- libudev-devel-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-devel-210-70.48.1
- typelib-1_0-GUdev-1_0-210-70.48.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- libgudev-1_0-0-210-70.48.1
- libgudev-1_0-0-debuginfo-210-70.48.1
- libudev1-210-70.48.1
- libudev1-debuginfo-210-70.48.1
- systemd-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-sysvinit-210-70.48.1
- udev-210-70.48.1
- udev-debuginfo-210-70.48.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
- libgudev-1_0-0-32bit-210-70.48.1
- libgudev-1_0-0-debuginfo-32bit-210-70.48.1
- libudev1-32bit-210-70.48.1
- libudev1-debuginfo-32bit-210-70.48.1
- systemd-32bit-210-70.48.1
- systemd-debuginfo-32bit-210-70.48.1
- SUSE Linux Enterprise Server 12 (noarch):
- systemd-bash-completion-210-70.48.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
- libgudev-1_0-0-210-70.48.1
- libgudev-1_0-0-32bit-210-70.48.1
- libgudev-1_0-0-debuginfo-210-70.48.1
- libgudev-1_0-0-debuginfo-32bit-210-70.48.1
- libudev1-210-70.48.1
- libudev1-32bit-210-70.48.1
- libudev1-debuginfo-210-70.48.1
- libudev1-debuginfo-32bit-210-70.48.1
- systemd-210-70.48.1
- systemd-32bit-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debuginfo-32bit-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-sysvinit-210-70.48.1
- udev-210-70.48.1
- udev-debuginfo-210-70.48.1
- SUSE Linux Enterprise Desktop 12 (noarch):
- systemd-bash-completion-210-70.48.1
References:
- https://www.suse.com/security/cve/CVE-2014-9770.html
- https://www.suse.com/security/cve/CVE-2015-8842.html
- https://bugzilla.suse.com/959886
- https://bugzilla.suse.com/960158
- https://bugzilla.suse.com/963230
- https://bugzilla.suse.com/965897
- https://bugzilla.suse.com/967122
- https://bugzilla.suse.com/970423
- https://bugzilla.suse.com/970860
- https://bugzilla.suse.com/972612
- https://bugzilla.suse.com/972727
- https://bugzilla.suse.com/973848
- https://bugzilla.suse.com/976766
- https://bugzilla.suse.com/978275