openSUSE-SU-2018:0320-1: moderate: Security update for systemd - openSUSE Updates

31 Jan 2018


      openSUSE Security Update: Security update for systemd
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2018:0320-1
Rating:             moderate
References:         #1048510 #1065276 #1066156 #1068251 #1070428 
                    #1071558 #1074254 #1075724 #1076308 #897422
Cross-References:   CVE-2017-15908 CVE-2018-1049
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________
An update that solves two vulnerabilities and has 8 fixes
   is now available.
Description:
This update for systemd fixes several issues.
This security issue was fixed:
- CVE-2018-1049: Prevent race that can lead to DoS when using automounts
     (bsc#1076308).
These non-security issues were fixed:
- core: don't choke if a unit another unit triggers vanishes during reload
   - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX
   - delta: extend skip logic to work on full directory paths (prefix+suffix)
     (bsc#1070428)
   - delta: check if a prefix needs to be skipped only once
   - delta: skip symlink paths when split-usr is enabled (#4591)
   - sysctl: use raw file descriptor in sysctl_write (#7753)
   - sd-netlink: don't take possesion of netlink fd from caller on failure
     (bsc#1074254)
   - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It
     was missing the following case: "/dev/disk/by-id/cr_-xxx".
   - sysctl: disable buffer while writing to /proc (bsc#1071558)
   - Use read_line() and LONG_LINE_MAX to read values configuration files.
     (bsc#1071558)
   - sysctl: no need to check for eof twice
   - def: add new constant LONG_LINE_MAX
   - fileio: add new helper call read_line() as bounded getline() replacement
   - service: Don't stop unneeded units needed by restarted service (#7526)
     (bsc#1066156)
   - gpt-auto-generator: fix the handling of the value returned by
     fstab_has_fstype() in add_swap() (#6280)
   - gpt-auto-generator: disable gpt auto logic for swaps if at least one is
     defined in fstab (bsc#897422)
   - fstab-util: introduce fstab_has_fstype() helper
   - fstab-generator: ignore root=/dev/nfs (#3591)
   - fstab-generator: don't process root= if it happens to be "gpt-auto"
     (#3452)
   - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662)
     (#7581) (bsc#1048510)
   - analyze: replace --no-man with --man=no in the man page (bsc#1068251)
   - udev: net_setup_link: don't error out when we couldn't apply link config
     (#7328)
   - Add missing /etc/systemd/network directory
   - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)
   - sd-bus: use -- when passing arguments to ssh (#6706)
   - systemctl: make sure we terminate the bus connection first, and then
     close the pager (#3550)
   - sd-bus: bump message queue size (bsc#1075724)
   - tmpfiles: downgrade warning about duplicate line
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-117=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (i586 x86_64):
libsystemd0-228-41.1
      libsystemd0-debuginfo-228-41.1
      libsystemd0-mini-228-41.1
      libsystemd0-mini-debuginfo-228-41.1
      libudev-devel-228-41.1
      libudev-mini-devel-228-41.1
      libudev-mini1-228-41.1
      libudev-mini1-debuginfo-228-41.1
      libudev1-228-41.1
      libudev1-debuginfo-228-41.1
      nss-myhostname-228-41.1
      nss-myhostname-debuginfo-228-41.1
      nss-mymachines-228-41.1
      nss-mymachines-debuginfo-228-41.1
      systemd-228-41.1
      systemd-debuginfo-228-41.1
      systemd-debugsource-228-41.1
      systemd-devel-228-41.1
      systemd-logger-228-41.1
      systemd-mini-228-41.1
      systemd-mini-debuginfo-228-41.1
      systemd-mini-debugsource-228-41.1
      systemd-mini-devel-228-41.1
      systemd-mini-sysvinit-228-41.1
      systemd-sysvinit-228-41.1
      udev-228-41.1
      udev-debuginfo-228-41.1
      udev-mini-228-41.1
      udev-mini-debuginfo-228-41.1
- openSUSE Leap 42.3 (x86_64):
libsystemd0-32bit-228-41.1
      libsystemd0-debuginfo-32bit-228-41.1
      libudev1-32bit-228-41.1
      libudev1-debuginfo-32bit-228-41.1
      nss-myhostname-32bit-228-41.1
      nss-myhostname-debuginfo-32bit-228-41.1
      systemd-32bit-228-41.1
      systemd-debuginfo-32bit-228-41.1
- openSUSE Leap 42.3 (noarch):
systemd-bash-completion-228-41.1
      systemd-mini-bash-completion-228-41.1
References:
https://www.suse.com/security/cve/CVE-2017-15908.html
   https://www.suse.com/security/cve/CVE-2018-1049.html
   https://bugzilla.suse.com/1048510
   https://bugzilla.suse.com/1065276
   https://bugzilla.suse.com/1066156
   https://bugzilla.suse.com/1068251
   https://bugzilla.suse.com/1070428
   https://bugzilla.suse.com/1071558
   https://bugzilla.suse.com/1074254
   https://bugzilla.suse.com/1075724
   https://bugzilla.suse.com/1076308
   https://bugzilla.suse.com/897422