Security update for systemd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:2809-1 Final 1 1 2021-08-23T10:12:44Z current 2021-08-23T10:12:44Z 2021-08-23T10:12:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-2809 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFXYBJHAFZNV57EZ4VL2LC446RMO7HVT/ E-Mail link for openSUSE-SU-2021:2809-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1166028 SUSE Bug 1166028 https://bugzilla.suse.com/1171962 SUSE Bug 1171962 https://bugzilla.suse.com/1184994 SUSE Bug 1184994 https://bugzilla.suse.com/1185972 SUSE Bug 1185972 https://bugzilla.suse.com/1188063 SUSE Bug 1188063 https://www.suse.com/security/cve/CVE-2020-13529/ SUSE CVE CVE-2020-13529 page https://www.suse.com/security/cve/CVE-2021-33910/ SUSE CVE CVE-2021-33910 page openSUSE Leap 15.3 libsystemd0-246.15-7.11.1 libsystemd0-32bit-246.15-7.11.1 libudev-devel-246.15-7.11.1 libudev-devel-32bit-246.15-7.11.1 libudev1-246.15-7.11.1 libudev1-32bit-246.15-7.11.1 nss-myhostname-246.15-7.11.1 nss-myhostname-32bit-246.15-7.11.1 nss-mymachines-246.15-7.11.1 nss-mymachines-32bit-246.15-7.11.1 nss-resolve-246.15-7.11.1 nss-systemd-246.15-7.11.1 systemd-246.15-7.11.1 systemd-32bit-246.15-7.11.1 systemd-container-246.15-7.11.1 systemd-coredump-246.15-7.11.1 systemd-devel-246.15-7.11.1 systemd-doc-246.15-7.11.1 systemd-journal-remote-246.15-7.11.1 systemd-lang-246.15-7.11.1 systemd-logger-246.15-7.11.1 systemd-network-246.15-7.11.1 systemd-sysvinit-246.15-7.11.1 udev-246.15-7.11.1 libsystemd0-246.15-7.11.1 as a component of openSUSE Leap 15.3 libsystemd0-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 libudev-devel-246.15-7.11.1 as a component of openSUSE Leap 15.3 libudev-devel-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 libudev1-246.15-7.11.1 as a component of openSUSE Leap 15.3 libudev1-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-myhostname-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-myhostname-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-mymachines-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-mymachines-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-resolve-246.15-7.11.1 as a component of openSUSE Leap 15.3 nss-systemd-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-32bit-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-container-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-coredump-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-devel-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-doc-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-journal-remote-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-lang-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-logger-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-network-246.15-7.11.1 as a component of openSUSE Leap 15.3 systemd-sysvinit-246.15-7.11.1 as a component of openSUSE Leap 15.3 udev-246.15-7.11.1 as a component of openSUSE Leap 15.3 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. CVE-2020-13529 openSUSE Leap 15.3:libsystemd0-246.15-7.11.1 openSUSE Leap 15.3:libsystemd0-32bit-246.15-7.11.1 openSUSE Leap 15.3:libudev-devel-246.15-7.11.1 openSUSE Leap 15.3:libudev-devel-32bit-246.15-7.11.1 openSUSE Leap 15.3:libudev1-246.15-7.11.1 openSUSE Leap 15.3:libudev1-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-myhostname-246.15-7.11.1 openSUSE Leap 15.3:nss-myhostname-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-mymachines-246.15-7.11.1 openSUSE Leap 15.3:nss-mymachines-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-resolve-246.15-7.11.1 openSUSE Leap 15.3:nss-systemd-246.15-7.11.1 openSUSE Leap 15.3:systemd-246.15-7.11.1 openSUSE Leap 15.3:systemd-32bit-246.15-7.11.1 openSUSE Leap 15.3:systemd-container-246.15-7.11.1 openSUSE Leap 15.3:systemd-coredump-246.15-7.11.1 openSUSE Leap 15.3:systemd-devel-246.15-7.11.1 openSUSE Leap 15.3:systemd-doc-246.15-7.11.1 openSUSE Leap 15.3:systemd-journal-remote-246.15-7.11.1 openSUSE Leap 15.3:systemd-lang-246.15-7.11.1 openSUSE Leap 15.3:systemd-logger-246.15-7.11.1 openSUSE Leap 15.3:systemd-network-246.15-7.11.1 openSUSE Leap 15.3:systemd-sysvinit-246.15-7.11.1 openSUSE Leap 15.3:udev-246.15-7.11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFXYBJHAFZNV57EZ4VL2LC446RMO7HVT/ https://www.suse.com/security/cve/CVE-2020-13529.html CVE-2020-13529 https://bugzilla.suse.com/1185972 SUSE Bug 1185972 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. CVE-2021-33910 openSUSE Leap 15.3:libsystemd0-246.15-7.11.1 openSUSE Leap 15.3:libsystemd0-32bit-246.15-7.11.1 openSUSE Leap 15.3:libudev-devel-246.15-7.11.1 openSUSE Leap 15.3:libudev-devel-32bit-246.15-7.11.1 openSUSE Leap 15.3:libudev1-246.15-7.11.1 openSUSE Leap 15.3:libudev1-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-myhostname-246.15-7.11.1 openSUSE Leap 15.3:nss-myhostname-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-mymachines-246.15-7.11.1 openSUSE Leap 15.3:nss-mymachines-32bit-246.15-7.11.1 openSUSE Leap 15.3:nss-resolve-246.15-7.11.1 openSUSE Leap 15.3:nss-systemd-246.15-7.11.1 openSUSE Leap 15.3:systemd-246.15-7.11.1 openSUSE Leap 15.3:systemd-32bit-246.15-7.11.1 openSUSE Leap 15.3:systemd-container-246.15-7.11.1 openSUSE Leap 15.3:systemd-coredump-246.15-7.11.1 openSUSE Leap 15.3:systemd-devel-246.15-7.11.1 openSUSE Leap 15.3:systemd-doc-246.15-7.11.1 openSUSE Leap 15.3:systemd-journal-remote-246.15-7.11.1 openSUSE Leap 15.3:systemd-lang-246.15-7.11.1 openSUSE Leap 15.3:systemd-logger-246.15-7.11.1 openSUSE Leap 15.3:systemd-network-246.15-7.11.1 openSUSE Leap 15.3:systemd-sysvinit-246.15-7.11.1 openSUSE Leap 15.3:udev-246.15-7.11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PFXYBJHAFZNV57EZ4VL2LC446RMO7HVT/ https://www.suse.com/security/cve/CVE-2021-33910.html CVE-2021-33910 https://bugzilla.suse.com/1188062 SUSE Bug 1188062 https://bugzilla.suse.com/1188063 SUSE Bug 1188063