Security update for systemd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3767-2 Final 1 1 2018-12-10T07:10:37Z current 2018-12-10T07:10:37Z 2018-12-10T07:10:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP4-2018-2659,SUSE-SLE-SDK-12-SP4-2018-2659,SUSE-SLE-SERVER-12-SP4-2018-2659 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183767-2/ Link for SUSE-SU-2018:3767-2 https://lists.suse.com/pipermail/sle-security-updates/2018-December/004941.html E-Mail link for SUSE-SU-2018:3767-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1106923 SUSE Bug 1106923 https://bugzilla.suse.com/1108835 SUSE Bug 1108835 https://bugzilla.suse.com/1109252 SUSE Bug 1109252 https://bugzilla.suse.com/1110445 SUSE Bug 1110445 https://bugzilla.suse.com/1111278 SUSE Bug 1111278 https://bugzilla.suse.com/1112024 SUSE Bug 1112024 https://bugzilla.suse.com/1113083 SUSE Bug 1113083 https://bugzilla.suse.com/1113632 SUSE Bug 1113632 https://bugzilla.suse.com/1113665 SUSE Bug 1113665 https://www.suse.com/security/cve/CVE-2018-15686/ SUSE CVE CVE-2018-15686 page https://www.suse.com/security/cve/CVE-2018-15688/ SUSE CVE CVE-2018-15688 page SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 libsystemd0-228-150.53.3 libsystemd0-32bit-228-150.53.3 libudev1-228-150.53.3 libudev1-32bit-228-150.53.3 systemd-228-150.53.3 systemd-32bit-228-150.53.3 systemd-bash-completion-228-150.53.3 systemd-sysvinit-228-150.53.3 udev-228-150.53.3 libudev-devel-228-150.53.3 systemd-devel-228-150.53.3 libsystemd0-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsystemd0-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 libudev1-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 libudev1-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 systemd-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 systemd-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 systemd-bash-completion-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 systemd-sysvinit-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 udev-228-150.53.3 as a component of SUSE Linux Enterprise Desktop 12 SP4 libsystemd0-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 libsystemd0-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 libudev1-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 libudev1-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 systemd-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 systemd-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 systemd-bash-completion-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 systemd-sysvinit-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 udev-228-150.53.3 as a component of SUSE Linux Enterprise Server 12 SP4 libsystemd0-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libsystemd0-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libudev1-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libudev1-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 systemd-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 systemd-32bit-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 systemd-bash-completion-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 systemd-sysvinit-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 udev-228-150.53.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libudev-devel-228-150.53.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 systemd-devel-228-150.53.3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. CVE-2018-15686 SUSE Linux Enterprise Desktop 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Software Development Kit 12 SP4:libudev-devel-228-150.53.3 SUSE Linux Enterprise Software Development Kit 12 SP4:systemd-devel-228-150.53.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183767-2/ https://www.suse.com/security/cve/CVE-2018-15686.html CVE-2018-15686 https://bugzilla.suse.com/1113665 SUSE Bug 1113665 https://bugzilla.suse.com/1120323 SUSE Bug 1120323 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. CVE-2018-15688 SUSE Linux Enterprise Desktop 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Desktop 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Server 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsystemd0-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libsystemd0-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libudev1-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libudev1-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-32bit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-bash-completion-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:systemd-sysvinit-228-150.53.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:udev-228-150.53.3 SUSE Linux Enterprise Software Development Kit 12 SP4:libudev-devel-228-150.53.3 SUSE Linux Enterprise Software Development Kit 12 SP4:systemd-devel-228-150.53.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183767-2/ https://www.suse.com/security/cve/CVE-2018-15688.html CVE-2018-15688 https://bugzilla.suse.com/1113632 SUSE Bug 1113632 https://bugzilla.suse.com/1113668 SUSE Bug 1113668 https://bugzilla.suse.com/1113669 SUSE Bug 1113669