Hello community, here is the log from the commit of package patchinfo.4624 for openSUSE:13.1:Update checked in at 2016-04-19 15:26:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.4624 (Old) and /work/SRC/openSUSE:13.1:Update/.patchinfo.4624.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.4624" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ --- /var/tmp/diff_new_pack.WLPLfD/_old 2016-04-19 15:26:33.000000000 +0200 +++ /var/tmp/diff_new_pack.WLPLfD/_new 2016-04-19 15:26:33.000000000 +0200 @@ -1,11 +1,49 @@ <patchinfo incident="4624"> - <category>recommended</category> + <packager>fbui</packager> + <issue tracker="cve" id="2014-9770"></issue> + <issue tracker="cve" id="2015-8842"></issue> + <issue tracker="bnc" id="959886">Fails to provide echo/prompt in EMERGENCY mode</issue> + <issue tracker="bnc" id="960158">nfs-utils and nfs-server make systemd fill up the logs ....</issue> + <issue tracker="bnc" id="963230">systemd ignores systemd.log_level=debug in cmdline with quiet</issue> + <issue tracker="bnc" id="965897">hostnamectl set-hostname fails to set hostnames with "." at position 64 if hostname longer than 64 characters for OpenStack guest</issue> + <issue tracker="bnc" id="967122">systemctl bash completion not working properly for "start" able services</issue> + <issue tracker="bnc" id="970423">systemd: fstab-generator doesnt honor automount option</issue> + <issue tracker="bnc" id="970860">missing support for gpio triggered graceful system shutdown</issue> + <issue tracker="bnc" id="972612">VUL-1: CVE-2014-9770: systemd: Archived journal files are world readable</issue> + <issue tracker="bnc" id="972727">dmsetup remove always fails when the --force option is used</issue> + <issue tracker="fate" id="318444"></issue> + <category>security</category> <rating>moderate</rating> - <packager>mkubecek</packager> - <summary>Linux kernel 3.12 version upgrade</summary> - <description> -This update brings the Linux Kernel in openSUSE 13.1 Evergreen to a 3.12.53 based kernel. + <summary>Security update for systemd</summary> + <description>This update for systemd fixes several issues: -The kernel uses the SUSE Linux Enterprise 12 SP1 kernel sources. -</description> + e5e362a udev: exclude MD from block device ownership event locking + 8839413 udev: really exclude device-mapper from block device ownership event locking + 66782e6 udev: exclude device-mapper from block device ownership event locking (bsc#972727) + 1386f57 tmpfiles: explicitly set mode for /run/log + faadb74 tmpfiles: don't allow read access to journal files to users not in systemd-journal + 9b1ef37 tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in + 011c39f tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories + 07e2d60 tmpfiles: get rid of "m" lines + d504e28 tmpfiles: various modernizations + f97250d systemctl: no need to pass --all if inactive is explicitly requested in list-units (bsc#967122) + 2686573 fstab-generator: fix automount option and don't start associated mount unit at boot (bsc#970423) + 5c1637d login: support more than just power-gpio-key (fate#318444) (bsc#970860) + 2c95ecd logind: add standard gpio power button support (fate#318444) (bsc#970860) + af3eb93 Revert "log-target-null-instead-kmsg" + 555dad4 shorten hostname before checking for trailing dot (bsc#965897) + 522194c Revert "log: honour the kernel's quiet cmdline argument" (bsc#963230) + cc94e47 transaction: downgrade warnings about wanted unit which are not found (bsc#960158) + eb3cfb3 Revert "vhangup-on-all-consoles" + 0c28752 remove WorkingDirectory parameter from emergency, rescue and console-shell.service (bsc#959886) + +- Don't allow read access to journal files to users (boo#972612 CVE-2014-9770 CVE-2015-8842) + Remove the world read bit from the permissions of (persistent) + archived journals. This was incorrectly set due to backported commit + 18afa5c2a7a6c215. + For the same reasons we also have to fix the permissions of + /run/log/journal/&lt;machine-id&gt; directory to make sure that regular + user won't access to its content. + +- spec: remove libudev1 runtime dependencies on udev</description> </patchinfo>