Security update for systemd

SUSE Security Update: Security update for systemd

Announcement ID:	SUSE-SU-2016:1351-1
Rating:	moderate
References:	#959886 #960158 #963230 #965897 #967122 #970423 #970860 #972612 #972727 #973848 #976766 #978275
Affected Products:	SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12

An update that solves two vulnerabilities and has 10 fixes is now available.

Description:

This update for SystemD provides fixes and enhancements.

The following security issue has been fixed:

- Don't allow read access to journal files to users. (bsc#972612,
CVE-2014-9770, CVE-2015-8842)

The following non-security issues have been fixed:

- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking.
(bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the
directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on
files/directories.
- No need to pass --all if inactive is explicitly requested in list-units.
(bsc#967122)
- Fix automount option and don't start associated mount unit at boot.
(bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and
console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2016-791=1
SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2016-791=1
SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-791=1

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
- libgudev-1_0-devel-210-70.48.1
- libudev-devel-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-devel-210-70.48.1
- typelib-1_0-GUdev-1_0-210-70.48.1
SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
- libgudev-1_0-0-210-70.48.1
- libgudev-1_0-0-debuginfo-210-70.48.1
- libudev1-210-70.48.1
- libudev1-debuginfo-210-70.48.1
- systemd-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-sysvinit-210-70.48.1
- udev-210-70.48.1
- udev-debuginfo-210-70.48.1
SUSE Linux Enterprise Server 12 (s390x x86_64):
- libgudev-1_0-0-32bit-210-70.48.1
- libgudev-1_0-0-debuginfo-32bit-210-70.48.1
- libudev1-32bit-210-70.48.1
- libudev1-debuginfo-32bit-210-70.48.1
- systemd-32bit-210-70.48.1
- systemd-debuginfo-32bit-210-70.48.1
SUSE Linux Enterprise Server 12 (noarch):
- systemd-bash-completion-210-70.48.1
SUSE Linux Enterprise Desktop 12 (x86_64):
- libgudev-1_0-0-210-70.48.1
- libgudev-1_0-0-32bit-210-70.48.1
- libgudev-1_0-0-debuginfo-210-70.48.1
- libgudev-1_0-0-debuginfo-32bit-210-70.48.1
- libudev1-210-70.48.1
- libudev1-32bit-210-70.48.1
- libudev1-debuginfo-210-70.48.1
- libudev1-debuginfo-32bit-210-70.48.1
- systemd-210-70.48.1
- systemd-32bit-210-70.48.1
- systemd-debuginfo-210-70.48.1
- systemd-debuginfo-32bit-210-70.48.1
- systemd-debugsource-210-70.48.1
- systemd-sysvinit-210-70.48.1
- udev-210-70.48.1
- udev-debuginfo-210-70.48.1
SUSE Linux Enterprise Desktop 12 (noarch):
- systemd-bash-completion-210-70.48.1

Security update for systemd

Description:

Patch Instructions:

Package List:

References: