Security update for systemd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3348-1 Final 1 1 2021-10-12T11:08:15Z current 2021-10-12T11:08:15Z 2021-10-12T11:08:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3348 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MCSKB4ZMNVGFIMLLPPNFDQMFKY7DLL4L/ E-Mail link for openSUSE-SU-2021:3348-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1134353 SUSE Bug 1134353 https://bugzilla.suse.com/1171962 SUSE Bug 1171962 https://bugzilla.suse.com/1184994 SUSE Bug 1184994 https://bugzilla.suse.com/1188018 SUSE Bug 1188018 https://bugzilla.suse.com/1188063 SUSE Bug 1188063 https://bugzilla.suse.com/1188291 SUSE Bug 1188291 https://bugzilla.suse.com/1188713 SUSE Bug 1188713 https://bugzilla.suse.com/1189480 SUSE Bug 1189480 https://bugzilla.suse.com/1190234 SUSE Bug 1190234 https://www.suse.com/security/cve/CVE-2021-33910/ SUSE CVE CVE-2021-33910 page openSUSE Leap 15.3 systemd-bash-completion-234-24.93.1 systemd-bash-completion-234-24.93.1 as a component of openSUSE Leap 15.3 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. CVE-2021-33910 openSUSE Leap 15.3:systemd-bash-completion-234-24.93.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MCSKB4ZMNVGFIMLLPPNFDQMFKY7DLL4L/ https://www.suse.com/security/cve/CVE-2021-33910.html CVE-2021-33910 https://bugzilla.suse.com/1188062 SUSE Bug 1188062 https://bugzilla.suse.com/1188063 SUSE Bug 1188063