Security update for systemd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1450-1 Final 1 1 2019-05-27T14:52:27Z current 2019-05-27T14:52:27Z 2019-05-27T14:52:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html E-Mail link for openSUSE-SU-2019:1450-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libsystemd0-228-71.1 libsystemd0-32bit-228-71.1 libsystemd0-mini-228-71.1 libudev-devel-228-71.1 libudev-mini-devel-228-71.1 libudev-mini1-228-71.1 libudev1-228-71.1 libudev1-32bit-228-71.1 nss-myhostname-228-71.1 nss-myhostname-32bit-228-71.1 nss-mymachines-228-71.1 systemd-228-71.1 systemd-32bit-228-71.1 systemd-bash-completion-228-71.1 systemd-devel-228-71.1 systemd-logger-228-71.1 systemd-mini-228-71.1 systemd-mini-bash-completion-228-71.1 systemd-mini-devel-228-71.1 systemd-mini-sysvinit-228-71.1 systemd-sysvinit-228-71.1 udev-228-71.1 udev-mini-228-71.1 libsystemd0-228-71.1 as a component of openSUSE Leap 42.3 libsystemd0-32bit-228-71.1 as a component of openSUSE Leap 42.3 libsystemd0-mini-228-71.1 as a component of openSUSE Leap 42.3 libudev-devel-228-71.1 as a component of openSUSE Leap 42.3 libudev-mini-devel-228-71.1 as a component of openSUSE Leap 42.3 libudev-mini1-228-71.1 as a component of openSUSE Leap 42.3 libudev1-228-71.1 as a component of openSUSE Leap 42.3 libudev1-32bit-228-71.1 as a component of openSUSE Leap 42.3 nss-myhostname-228-71.1 as a component of openSUSE Leap 42.3 nss-myhostname-32bit-228-71.1 as a component of openSUSE Leap 42.3 nss-mymachines-228-71.1 as a component of openSUSE Leap 42.3 systemd-228-71.1 as a component of openSUSE Leap 42.3 systemd-32bit-228-71.1 as a component of openSUSE Leap 42.3 systemd-bash-completion-228-71.1 as a component of openSUSE Leap 42.3 systemd-devel-228-71.1 as a component of openSUSE Leap 42.3 systemd-logger-228-71.1 as a component of openSUSE Leap 42.3 systemd-mini-228-71.1 as a component of openSUSE Leap 42.3 systemd-mini-bash-completion-228-71.1 as a component of openSUSE Leap 42.3 systemd-mini-devel-228-71.1 as a component of openSUSE Leap 42.3 systemd-mini-sysvinit-228-71.1 as a component of openSUSE Leap 42.3 systemd-sysvinit-228-71.1 as a component of openSUSE Leap 42.3 udev-228-71.1 as a component of openSUSE Leap 42.3 udev-mini-228-71.1 as a component of openSUSE Leap 42.3 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. CVE-2018-6954 openSUSE Leap 42.3:libsystemd0-228-71.1 openSUSE Leap 42.3:libsystemd0-32bit-228-71.1 openSUSE Leap 42.3:libsystemd0-mini-228-71.1 openSUSE Leap 42.3:libudev-devel-228-71.1 openSUSE Leap 42.3:libudev-mini-devel-228-71.1 openSUSE Leap 42.3:libudev-mini1-228-71.1 openSUSE Leap 42.3:libudev1-228-71.1 openSUSE Leap 42.3:libudev1-32bit-228-71.1 openSUSE Leap 42.3:nss-myhostname-228-71.1 openSUSE Leap 42.3:nss-myhostname-32bit-228-71.1 openSUSE Leap 42.3:nss-mymachines-228-71.1 openSUSE Leap 42.3:systemd-228-71.1 openSUSE Leap 42.3:systemd-32bit-228-71.1 openSUSE Leap 42.3:systemd-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-devel-228-71.1 openSUSE Leap 42.3:systemd-logger-228-71.1 openSUSE Leap 42.3:systemd-mini-228-71.1 openSUSE Leap 42.3:systemd-mini-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-mini-devel-228-71.1 openSUSE Leap 42.3:systemd-mini-sysvinit-228-71.1 openSUSE Leap 42.3:systemd-sysvinit-228-71.1 openSUSE Leap 42.3:udev-228-71.1 openSUSE Leap 42.3:udev-mini-228-71.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://www.suse.com/security/cve/CVE-2018-6954.html CVE-2018-6954 https://bugzilla.suse.com/1080919 SUSE Bug 1080919 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". CVE-2019-3842 openSUSE Leap 42.3:libsystemd0-228-71.1 openSUSE Leap 42.3:libsystemd0-32bit-228-71.1 openSUSE Leap 42.3:libsystemd0-mini-228-71.1 openSUSE Leap 42.3:libudev-devel-228-71.1 openSUSE Leap 42.3:libudev-mini-devel-228-71.1 openSUSE Leap 42.3:libudev-mini1-228-71.1 openSUSE Leap 42.3:libudev1-228-71.1 openSUSE Leap 42.3:libudev1-32bit-228-71.1 openSUSE Leap 42.3:nss-myhostname-228-71.1 openSUSE Leap 42.3:nss-myhostname-32bit-228-71.1 openSUSE Leap 42.3:nss-mymachines-228-71.1 openSUSE Leap 42.3:systemd-228-71.1 openSUSE Leap 42.3:systemd-32bit-228-71.1 openSUSE Leap 42.3:systemd-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-devel-228-71.1 openSUSE Leap 42.3:systemd-logger-228-71.1 openSUSE Leap 42.3:systemd-mini-228-71.1 openSUSE Leap 42.3:systemd-mini-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-mini-devel-228-71.1 openSUSE Leap 42.3:systemd-mini-sysvinit-228-71.1 openSUSE Leap 42.3:systemd-sysvinit-228-71.1 openSUSE Leap 42.3:udev-228-71.1 openSUSE Leap 42.3:udev-mini-228-71.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://www.suse.com/security/cve/CVE-2019-3842.html CVE-2019-3842 https://bugzilla.suse.com/1132348 SUSE Bug 1132348 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). CVE-2019-6454 openSUSE Leap 42.3:libsystemd0-228-71.1 openSUSE Leap 42.3:libsystemd0-32bit-228-71.1 openSUSE Leap 42.3:libsystemd0-mini-228-71.1 openSUSE Leap 42.3:libudev-devel-228-71.1 openSUSE Leap 42.3:libudev-mini-devel-228-71.1 openSUSE Leap 42.3:libudev-mini1-228-71.1 openSUSE Leap 42.3:libudev1-228-71.1 openSUSE Leap 42.3:libudev1-32bit-228-71.1 openSUSE Leap 42.3:nss-myhostname-228-71.1 openSUSE Leap 42.3:nss-myhostname-32bit-228-71.1 openSUSE Leap 42.3:nss-mymachines-228-71.1 openSUSE Leap 42.3:systemd-228-71.1 openSUSE Leap 42.3:systemd-32bit-228-71.1 openSUSE Leap 42.3:systemd-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-devel-228-71.1 openSUSE Leap 42.3:systemd-logger-228-71.1 openSUSE Leap 42.3:systemd-mini-228-71.1 openSUSE Leap 42.3:systemd-mini-bash-completion-228-71.1 openSUSE Leap 42.3:systemd-mini-devel-228-71.1 openSUSE Leap 42.3:systemd-mini-sysvinit-228-71.1 openSUSE Leap 42.3:systemd-sysvinit-228-71.1 openSUSE Leap 42.3:udev-228-71.1 openSUSE Leap 42.3:udev-mini-228-71.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html https://www.suse.com/security/cve/CVE-2019-6454.html CVE-2019-6454 https://bugzilla.suse.com/1125352 SUSE Bug 1125352