Security update for systemd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:0425-2 Final 1 1 2019-04-12T18:04:35Z current 2019-04-12T18:04:35Z 2019-04-12T18:04:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-425,SUSE-SLE-SAP-12-SP1-2019-425 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20190425-2/ Link for SUSE-SU-2019:0425-2 https://lists.suse.com/pipermail/sle-security-updates/2019-April/005336.html E-Mail link for SUSE-SU-2019:0425-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1125352 SUSE Bug 1125352 https://www.suse.com/security/cve/CVE-2019-6454/ SUSE CVE CVE-2019-6454 page SUSE Linux Enterprise Server for SAP Applications 12 SP1 libgudev-1_0-0-210-116.22.1 libgudev-1_0-0-32bit-210-116.22.1 libgudev-1_0-0-64bit-210-116.22.1 libgudev-1_0-devel-210-116.22.1 libudev-devel-210-116.22.1 libudev-mini-devel-210-116.22.1 libudev-mini1-210-116.22.1 libudev1-210-116.22.1 libudev1-32bit-210-116.22.1 libudev1-64bit-210-116.22.1 nss-myhostname-210-116.22.1 nss-myhostname-32bit-210-116.22.1 nss-myhostname-64bit-210-116.22.1 systemd-210-116.22.1 systemd-32bit-210-116.22.1 systemd-64bit-210-116.22.1 systemd-bash-completion-210-116.22.1 systemd-devel-210-116.22.1 systemd-journal-gateway-210-116.22.1 systemd-logger-210-116.22.1 systemd-mini-210-116.22.1 systemd-mini-devel-210-116.22.1 systemd-mini-sysvinit-210-116.22.1 systemd-sysvinit-210-116.22.1 typelib-1_0-GUdev-1_0-210-116.22.1 udev-210-116.22.1 udev-mini-210-116.22.1 libgudev-1_0-0-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libgudev-1_0-0-32bit-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libgudev-1_0-devel-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libudev-devel-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libudev1-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libudev1-32bit-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 systemd-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 systemd-32bit-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 systemd-bash-completion-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 systemd-devel-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 systemd-sysvinit-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 typelib-1_0-GUdev-1_0-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 udev-210-116.22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). CVE-2019-6454 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgudev-1_0-0-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgudev-1_0-0-32bit-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgudev-1_0-devel-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libudev-devel-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libudev1-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libudev1-32bit-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:systemd-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:systemd-32bit-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:systemd-bash-completion-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:systemd-devel-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:systemd-sysvinit-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:typelib-1_0-GUdev-1_0-210-116.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:udev-210-116.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190425-2/ https://www.suse.com/security/cve/CVE-2019-6454.html CVE-2019-6454 https://bugzilla.suse.com/1125352 SUSE Bug 1125352