Mailinglist Archive: opensuse-updates (133 mails)

< Previous Next >
openSUSE-SU-2016:1414-1: moderate: Security update for systemd
openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1414-1
Rating: moderate
References: #959886 #960158 #963230 #965897 #967122 #970423
#970860 #972612 #972727 #973848 #976766 #978275

Cross-References: CVE-2014-9770 CVE-2015-8842
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 10 fixes
is now available.

Description:


This update for SystemD provides fixes and enhancements.

The following security issue has been fixed:

- Don't allow read access to journal files to users. (bsc#972612,
CVE-2014-9770, CVE-2015-8842)

The following non-security issues have been fixed:

- Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
- Incorrect permissions set after boot on journal files. (bsc#973848)
- Exclude device-mapper from block device ownership event locking.
(bsc#972727)
- Explicitly set mode for /run/log.
- Don't apply sgid and executable bit to journal files, only the
directories they are contained in.
- Add ability to mask access mode by pre-existing access mode on
files/directories.
- No need to pass --all if inactive is explicitly requested in list-units.
(bsc#967122)
- Fix automount option and don't start associated mount unit at boot.
(bsc#970423)
- Support more than just power-gpio-key. (fate#318444, bsc#970860)
- Add standard gpio power button support. (fate#318444, bsc#970860)
- Downgrade warnings about wanted unit which are not found. (bsc#960158)
- Shorten hostname before checking for trailing dot. (bsc#965897)
- Remove WorkingDirectory parameter from emergency, rescue and
console-shell.service. (bsc#959886)
- Don't ship boot.udev and systemd-journald.init anymore.
- Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-648=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libgudev-1_0-0-210-92.1
libgudev-1_0-0-debuginfo-210-92.1
libgudev-1_0-devel-210-92.1
libudev-devel-210-92.1
libudev-mini-devel-210-92.1
libudev-mini1-210-92.1
libudev-mini1-debuginfo-210-92.1
libudev1-210-92.1
libudev1-debuginfo-210-92.1
nss-myhostname-210-92.1
nss-myhostname-debuginfo-210-92.1
systemd-210-92.1
systemd-debuginfo-210-92.1
systemd-debugsource-210-92.1
systemd-devel-210-92.1
systemd-journal-gateway-210-92.1
systemd-journal-gateway-debuginfo-210-92.1
systemd-logger-210-92.1
systemd-mini-210-92.1
systemd-mini-debuginfo-210-92.1
systemd-mini-debugsource-210-92.1
systemd-mini-devel-210-92.1
systemd-mini-sysvinit-210-92.1
systemd-sysvinit-210-92.1
typelib-1_0-GUdev-1_0-210-92.1
udev-210-92.1
udev-debuginfo-210-92.1
udev-mini-210-92.1
udev-mini-debuginfo-210-92.1

- openSUSE Leap 42.1 (noarch):

systemd-bash-completion-210-92.1

- openSUSE Leap 42.1 (x86_64):

libgudev-1_0-0-32bit-210-92.1
libgudev-1_0-0-debuginfo-32bit-210-92.1
libudev1-32bit-210-92.1
libudev1-debuginfo-32bit-210-92.1
nss-myhostname-32bit-210-92.1
nss-myhostname-debuginfo-32bit-210-92.1
systemd-32bit-210-92.1
systemd-debuginfo-32bit-210-92.1


References:

https://www.suse.com/security/cve/CVE-2014-9770.html
https://www.suse.com/security/cve/CVE-2015-8842.html
https://bugzilla.suse.com/959886
https://bugzilla.suse.com/960158
https://bugzilla.suse.com/963230
https://bugzilla.suse.com/965897
https://bugzilla.suse.com/967122
https://bugzilla.suse.com/970423
https://bugzilla.suse.com/970860
https://bugzilla.suse.com/972612
https://bugzilla.suse.com/972727
https://bugzilla.suse.com/973848
https://bugzilla.suse.com/976766
https://bugzilla.suse.com/978275


< Previous Next >
This Thread
  • No further messages