Security update for systemd
Announcement ID: | SUSE-SU-2016:1346-1 |
---|---|
Rating: | moderate |
An update that solves two vulnerabilities and has 10 security fixes can now be installed.
Description:
This update for systemd provides fixes and enhancements.
The following security issue has been fixed:
- Don't allow read access to journal files to users. (bsc#972612, CVE-2014-9770, CVE-2015-8842)
The following non-security issues have been fixed:
- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking. (bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on files/directories.
- No need to pass --all if inactive is explicitly requested in list-units. (bsc#967122)
- Fix automount option and don't start associated mount unit at boot. (bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)
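A post-update check for the journal permission items above (no read access for users, no sgid or executable bit on journal files), given as an added example that is not part of the SUSE advisory. It assumes the standard journald locations /var/log/journal and /run/log/journal; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit journal file modes after applying the update.
# Flags journal *files* that are readable by "other" or that carry
# setgid/executable bits (the update keeps those bits on directories only).

audit_journal_modes() {
    # $1..: journal roots to scan; defaults are the standard journald paths.
    [ "$#" -gt 0 ] || set -- /var/log/journal /run/log/journal
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f \( -name '*.journal' -o -name '*.journal~' \) \
            \( -perm -004 -o -perm -2000 \
               -o -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec ls -ld {} \;
    done
}

count_journal_findings() {
    # Number of journal files with an unexpected mode under the given roots.
    audit_journal_modes "$@" | wc -l | tr -d ' '
}

# Constructed sample tree (not real journal data) showing what gets flagged.
demo=$(mktemp -d)
mkdir "$demo/0123abcd"
for f in system.journal user-1000.journal 'system@old.journal'; do
    : > "$demo/0123abcd/$f"
done
chmod 0640 "$demo/0123abcd/system.journal"       # not flagged
chmod 0644 "$demo/0123abcd/user-1000.journal"    # flagged: readable by other
chmod 0750 "$demo/0123abcd/system@old.journal"   # flagged: executable bits
echo "findings in sample tree: $(count_journal_findings "$demo")"
rm -rf "$demo"
```

Run `audit_journal_modes` with no arguments as root on a patched host; any line it prints is a journal file whose mode still needs correcting.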
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1
  zypper in -t patch SUSE-SLE-BSK-12-SP1-2016-790=1
- SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-790=1
- SUSE Linux Enterprise Software Development Kit 12 SP1
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-790=1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-790=1
- SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-790=1
Package List:
- SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1 (ppc64le s390x x86_64)
  - systemd-mini-debuginfo-210-104.1
  - udev-mini-210-104.1
  - libudev-mini1-debuginfo-210-104.1
  - libudev-mini-devel-210-104.1
  - systemd-mini-210-104.1
  - systemd-mini-devel-210-104.1
  - udev-mini-debuginfo-210-104.1
  - libudev-mini1-210-104.1
  - systemd-mini-debugsource-210-104.1
- SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  - systemd-debuginfo-210-104.1
  - libgudev-1_0-0-32bit-210-104.1
  - libgudev-1_0-0-210-104.1
  - systemd-210-104.1
  - udev-debuginfo-210-104.1
  - libudev1-210-104.1
  - libgudev-1_0-0-debuginfo-210-104.1
  - systemd-debugsource-210-104.1
  - systemd-sysvinit-210-104.1
  - libudev1-debuginfo-210-104.1
  - systemd-32bit-210-104.1
  - udev-210-104.1
  - libudev1-debuginfo-32bit-210-104.1
  - libgudev-1_0-0-debuginfo-32bit-210-104.1
  - libudev1-32bit-210-104.1
  - systemd-debuginfo-32bit-210-104.1
- SUSE Linux Enterprise Desktop 12 SP1 (noarch)
  - systemd-bash-completion-210-104.1
- SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
  - libgudev-1_0-devel-210-104.1
  - libudev-devel-210-104.1
  - systemd-debuginfo-210-104.1
  - systemd-debugsource-210-104.1
  - systemd-devel-210-104.1
  - typelib-1_0-GUdev-1_0-210-104.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  - systemd-debuginfo-210-104.1
  - libgudev-1_0-0-210-104.1
  - systemd-210-104.1
  - udev-debuginfo-210-104.1
  - libudev1-210-104.1
  - libgudev-1_0-0-debuginfo-210-104.1
  - systemd-debugsource-210-104.1
  - systemd-sysvinit-210-104.1
  - libudev1-debuginfo-210-104.1
  - udev-210-104.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  - systemd-bash-completion-210-104.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  - libgudev-1_0-0-32bit-210-104.1
  - systemd-32bit-210-104.1
  - libudev1-debuginfo-32bit-210-104.1
  - libgudev-1_0-0-debuginfo-32bit-210-104.1
  - libudev1-32bit-210-104.1
  - systemd-debuginfo-32bit-210-104.1
- SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  - systemd-debuginfo-210-104.1
  - libgudev-1_0-0-210-104.1
  - systemd-210-104.1
  - udev-debuginfo-210-104.1
  - libudev1-210-104.1
  - libgudev-1_0-0-debuginfo-210-104.1
  - systemd-debugsource-210-104.1
  - systemd-sysvinit-210-104.1
  - libudev1-debuginfo-210-104.1
  - udev-210-104.1
- SUSE Linux Enterprise Server 12 SP1 (noarch)
  - systemd-bash-completion-210-104.1
- SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
  - libgudev-1_0-0-32bit-210-104.1
  - systemd-32bit-210-104.1
  - libudev1-debuginfo-32bit-210-104.1
  - libgudev-1_0-0-debuginfo-32bit-210-104.1
  - libudev1-32bit-210-104.1
  - systemd-debuginfo-32bit-210-104.1
References:
- https://www.suse.com/security/cve/CVE-2014-9770.html
- https://www.suse.com/security/cve/CVE-2015-8842.html
- https://bugzilla.suse.com/show_bug.cgi?id=959886
- https://bugzilla.suse.com/show_bug.cgi?id=960158
- https://bugzilla.suse.com/show_bug.cgi?id=963230
- https://bugzilla.suse.com/show_bug.cgi?id=965897
- https://bugzilla.suse.com/show_bug.cgi?id=967122
- https://bugzilla.suse.com/show_bug.cgi?id=970423
- https://bugzilla.suse.com/show_bug.cgi?id=970860
- https://bugzilla.suse.com/show_bug.cgi?id=972612
- https://bugzilla.suse.com/show_bug.cgi?id=972727
- https://bugzilla.suse.com/show_bug.cgi?id=973848
- https://bugzilla.suse.com/show_bug.cgi?id=976766
- https://bugzilla.suse.com/show_bug.cgi?id=978275