openSUSE-SU-2017:1844-1: moderate: Security update for systemd

12 Jul 2017

      openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1844-1
Rating:             moderate
References:         #1004995 #1029102 #1029516 #1036873 #1038865 
                    #1040258 #1040614 #1040942 #1043758 #982303 

Cross-References:   CVE-2017-9217
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves one vulnerability and has 9 fixes is
   now available.

Description:

   This update for systemd fixes the following issues:

   Security issue fixed:

   - CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that
     could lead to resolved aborting (bsc#1040614)

   The update also fixed several non-security bugs:

   - core/mount: Use the "-c" flag to not canonicalize paths when calling
     /bin/umount
   - automount: Handle expire_tokens when the mount unit changes its state
     (bsc#1040942)
   - automount: Rework propagation between automount and mount units
   - build: Make sure tmpfiles.d/systemd-remote.conf get installed when
     necessary
   - build: Fix systemd-journal-upload installation
   - basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
   - virt: Make sure some errors are not ignored
   - fstab-generator: Do not skip Before= ordering for noauto mountpoints
   - fstab-gen: Do not convert device timeout into seconds when initializing
     JobTimeoutSec
   - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
   - fstab-generator: Apply the _netdev option also to device units
     (bsc#1004995)
   - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
   - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
   - rules: Export NVMe WWID udev attribute (bsc#1038865)
   - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
   - rules: Add rules for NVMe devices
   - sysusers: Make group shadow support configurable (bsc#1029516)
   - core: When deserializing a unit, fully restore its cgroup state
     (bsc#1029102)
   - core: Introduce cg_mask_from_string()/cg_mask_to_string()
   - core:execute: Fix handling failures of calling fork() in exec_spawn()
     (bsc#1040258)
   - Fix systemd-sysv-convert when a package starts shipping service units
     (bsc#982303) The database might be missing when upgrading a package
     which was shipping no sysv init scripts nor unit files (at the time
     --save was called) but the new version start shipping unit files.
   - Disable group shadow support (bsc#1029516)
   - Only check signature job error if signature job exists (bsc#1043758)

   This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-806=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (i586 x86_64):

      libsystemd0-228-25.6.1
      libsystemd0-debuginfo-228-25.6.1
      libsystemd0-mini-228-25.6.1
      libsystemd0-mini-debuginfo-228-25.6.1
      libudev-devel-228-25.6.1
      libudev-mini-devel-228-25.6.1
      libudev-mini1-228-25.6.1
      libudev-mini1-debuginfo-228-25.6.1
      libudev1-228-25.6.1
      libudev1-debuginfo-228-25.6.1
      nss-myhostname-228-25.6.1
      nss-myhostname-debuginfo-228-25.6.1
      nss-mymachines-228-25.6.1
      nss-mymachines-debuginfo-228-25.6.1
      systemd-228-25.6.1
      systemd-debuginfo-228-25.6.1
      systemd-debugsource-228-25.6.1
      systemd-devel-228-25.6.1
      systemd-logger-228-25.6.1
      systemd-mini-228-25.6.1
      systemd-mini-debuginfo-228-25.6.1
      systemd-mini-debugsource-228-25.6.1
      systemd-mini-devel-228-25.6.1
      systemd-mini-sysvinit-228-25.6.1
      systemd-sysvinit-228-25.6.1
      udev-228-25.6.1
      udev-debuginfo-228-25.6.1
      udev-mini-228-25.6.1
      udev-mini-debuginfo-228-25.6.1

   - openSUSE Leap 42.2 (x86_64):

      libsystemd0-32bit-228-25.6.1
      libsystemd0-debuginfo-32bit-228-25.6.1
      libudev1-32bit-228-25.6.1
      libudev1-debuginfo-32bit-228-25.6.1
      nss-myhostname-32bit-228-25.6.1
      nss-myhostname-debuginfo-32bit-228-25.6.1
      systemd-32bit-228-25.6.1
      systemd-debuginfo-32bit-228-25.6.1

   - openSUSE Leap 42.2 (noarch):

      systemd-bash-completion-228-25.6.1
      systemd-mini-bash-completion-228-25.6.1

References:

   https://www.suse.com/security/cve/CVE-2017-9217.html
   https://bugzilla.suse.com/1004995
   https://bugzilla.suse.com/1029102
   https://bugzilla.suse.com/1029516
   https://bugzilla.suse.com/1036873
   https://bugzilla.suse.com/1038865
   https://bugzilla.suse.com/1040258
   https://bugzilla.suse.com/1040614
   https://bugzilla.suse.com/1040942
   https://bugzilla.suse.com/1043758
   https://bugzilla.suse.com/982303

openSUSE-SU-2017:1844-1: moderate: Security update for systemd

opensuse-security＠opensuse.org