Security update for systemd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1773-1 Final 1 1 2017-07-04T14:14:16Z current 2017-07-04T14:14:16Z 2017-07-04T14:14:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that could lead to resolved aborting (bsc#1040614) The update also fixed several non-security bugs: - core/mount: Use the '-c' flag to not canonicalize paths when calling /bin/umount - automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942) - automount: Rework propagation between automount and mount units - build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary - build: Fix systemd-journal-upload installation - basic: Detect XEN Dom0 as no virtualization (bsc#1036873) - virt: Make sure some errors are not ignored - fstab-generator: Do not skip Before= ordering for noauto mountpoints - fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995) - fstab-generator: Apply the _netdev option also to device units (bsc#1004995) - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995) - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995) - rules: Export NVMe WWID udev attribute (bsc#1038865) - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives - rules: Add rules for NVMe devices - sysusers: Make group shadow support configurable (bsc#1029516) - core: When deserializing a unit, fully restore its cgroup state (bsc#1029102) - core: Introduce cg_mask_from_string()/cg_mask_to_string() - core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258) - Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files. - Disable group shadow support (bsc#1029516) - Only check signature job error if signature job exists (bsc#1043758) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1104,SUSE-SLE-DESKTOP-12-SP2-2017-1104,SUSE-SLE-RPI-12-SP2-2017-1104,SUSE-SLE-SDK-12-SP2-2017-1104,SUSE-SLE-SERVER-12-SP2-2017-1104 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171773-1/ Link for SUSE-SU-2017:1773-1 https://lists.suse.com/pipermail/sle-security-updates/2017-July/003005.html E-Mail link for SUSE-SU-2017:1773-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1004995 SUSE Bug 1004995 https://bugzilla.suse.com/1029102 SUSE Bug 1029102 https://bugzilla.suse.com/1029516 SUSE Bug 1029516 https://bugzilla.suse.com/1036873 SUSE Bug 1036873 https://bugzilla.suse.com/1038865 SUSE Bug 1038865 https://bugzilla.suse.com/1040258 SUSE Bug 1040258 https://bugzilla.suse.com/1040614 SUSE Bug 1040614 https://bugzilla.suse.com/1040942 SUSE Bug 1040942 https://bugzilla.suse.com/1043758 SUSE Bug 1043758 https://bugzilla.suse.com/982303 SUSE Bug 982303 https://www.suse.com/security/cve/CVE-2017-9217/ SUSE CVE CVE-2017-9217 page SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 libsystemd0-228-149.3 libsystemd0-32bit-228-149.3 libudev1-228-149.3 libudev1-32bit-228-149.3 systemd-228-149.3 systemd-32bit-228-149.3 systemd-bash-completion-228-149.3 systemd-sysvinit-228-149.3 udev-228-149.3 libudev-devel-228-149.3 systemd-devel-228-149.3 libsystemd0-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 libsystemd0-32bit-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 libudev1-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 libudev1-32bit-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 systemd-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 systemd-32bit-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 systemd-bash-completion-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 systemd-sysvinit-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 udev-228-149.3 as a component of SUSE Linux Enterprise Desktop 12 SP2 libsystemd0-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 libsystemd0-32bit-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 libudev1-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 libudev1-32bit-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 systemd-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 systemd-32bit-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 systemd-bash-completion-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 systemd-sysvinit-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 udev-228-149.3 as a component of SUSE Linux Enterprise Server 12 SP2 libsystemd0-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libudev1-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 systemd-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 systemd-bash-completion-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 systemd-sysvinit-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 udev-228-149.3 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libsystemd0-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libsystemd0-32bit-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libudev1-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libudev1-32bit-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 systemd-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 systemd-32bit-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 systemd-bash-completion-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 systemd-sysvinit-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 udev-228-149.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libudev-devel-228-149.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 systemd-devel-228-149.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. CVE-2017-9217 SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:libsystemd0-32bit-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:libudev1-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:libudev1-32bit-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:systemd-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:systemd-32bit-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:systemd-bash-completion-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:systemd-sysvinit-228-149.3 SUSE Linux Enterprise Desktop 12 SP2:udev-228-149.3 SUSE Linux Enterprise Server 12 SP2:libsystemd0-228-149.3 SUSE Linux Enterprise Server 12 SP2:libsystemd0-32bit-228-149.3 SUSE Linux Enterprise Server 12 SP2:libudev1-228-149.3 SUSE Linux Enterprise Server 12 SP2:libudev1-32bit-228-149.3 SUSE Linux Enterprise Server 12 SP2:systemd-228-149.3 SUSE Linux Enterprise Server 12 SP2:systemd-32bit-228-149.3 SUSE Linux Enterprise Server 12 SP2:systemd-bash-completion-228-149.3 SUSE Linux Enterprise Server 12 SP2:systemd-sysvinit-228-149.3 SUSE Linux Enterprise Server 12 SP2:udev-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libsystemd0-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libudev1-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:systemd-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:systemd-bash-completion-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:systemd-sysvinit-228-149.3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:udev-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libsystemd0-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libsystemd0-32bit-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libudev1-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libudev1-32bit-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:systemd-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:systemd-32bit-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:systemd-bash-completion-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:systemd-sysvinit-228-149.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:udev-228-149.3 SUSE Linux Enterprise Software Development Kit 12 SP2:libudev-devel-228-149.3 SUSE Linux Enterprise Software Development Kit 12 SP2:systemd-devel-228-149.3 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171773-1/ https://www.suse.com/security/cve/CVE-2017-9217.html CVE-2017-9217 https://bugzilla.suse.com/1040614 SUSE Bug 1040614