Security update for systemd

Announcement ID:	SUSE-SU-2020:0353-1
Rating:	important
References:	bsc#1106383 bsc#1127557 bsc#1133495 bsc#1139459 bsc#1140631 bsc#1150595 bsc#1151377 bsc#1151506 bsc#1154043 bsc#1154948 bsc#1155574 bsc#1156482 bsc#1159814 bsc#1162108
Cross-References:	CVE-2020-1712
CVSS scores:	CVE-2020-1712 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1712 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has 13 security fixes can now be installed.

Description:

This update for systemd provides the following fixes:

• CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
• sd-bus: Deal with cookie overruns. (bsc#1150595)
• rules: Add by-id symlinks for persistent memory. (bsc#1140631)
• Drop the old fds used for logging and reopen them in the sub process before doing any new logging. (bsc#1154948)
• Fix warnings thrown during package installation (bsc#1154043)
• Fix for systemctl hanging by restart. (bsc#1139459)
• man: mention that alias names are only effective after 'systemctl enable'. (bsc#1151377)
• ask-password: improve log message when inotify limit is reached. (bsc#1155574)
• udevd: wait for workers to finish when exiting. (bsc#1106383)
• core: fragments of masked units ought not be considered for NeedDaemonReload. (bsc#1156482)
• udev: fix 'NULL' deref when executing rules. (bsc#1151506)
• Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-353=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-353=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-353=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-353=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • systemd-debugsource-228-157.9.1
  • systemd-devel-228-157.9.1
  • systemd-debuginfo-228-157.9.1
  • libudev-devel-228-157.9.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • udev-debuginfo-228-157.9.1
  • systemd-debuginfo-228-157.9.1
  • libudev1-228-157.9.1
  • systemd-228-157.9.1
  • systemd-debugsource-228-157.9.1
  • systemd-sysvinit-228-157.9.1
  • libsystemd0-debuginfo-228-157.9.1
  • udev-228-157.9.1
  • libsystemd0-228-157.9.1
  • libudev1-debuginfo-228-157.9.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • systemd-bash-completion-228-157.9.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • systemd-32bit-228-157.9.1
  • libsystemd0-debuginfo-32bit-228-157.9.1
  • libudev1-32bit-228-157.9.1
  • libsystemd0-32bit-228-157.9.1
  • libudev1-debuginfo-32bit-228-157.9.1
  • systemd-debuginfo-32bit-228-157.9.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • udev-debuginfo-228-157.9.1
  • systemd-debuginfo-228-157.9.1
  • libudev1-228-157.9.1
  • systemd-228-157.9.1
  • systemd-debugsource-228-157.9.1
  • systemd-sysvinit-228-157.9.1
  • libsystemd0-debuginfo-228-157.9.1
  • udev-228-157.9.1
  • libsystemd0-228-157.9.1
  • libudev1-debuginfo-228-157.9.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • systemd-bash-completion-228-157.9.1
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • systemd-32bit-228-157.9.1
  • libsystemd0-debuginfo-32bit-228-157.9.1
  • libsystemd0-32bit-228-157.9.1
  • libudev1-32bit-228-157.9.1
  • libudev1-debuginfo-32bit-228-157.9.1
  • systemd-debuginfo-32bit-228-157.9.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • udev-debuginfo-228-157.9.1
  • systemd-debuginfo-228-157.9.1
  • libudev1-228-157.9.1
  • systemd-228-157.9.1
  • systemd-debugsource-228-157.9.1
  • systemd-sysvinit-228-157.9.1
  • libsystemd0-debuginfo-228-157.9.1
  • udev-228-157.9.1
  • libsystemd0-228-157.9.1
  • libudev1-debuginfo-228-157.9.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • systemd-bash-completion-228-157.9.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • systemd-32bit-228-157.9.1
  • libsystemd0-debuginfo-32bit-228-157.9.1
  • libudev1-32bit-228-157.9.1
  • libsystemd0-32bit-228-157.9.1
  • libudev1-debuginfo-32bit-228-157.9.1
  • systemd-debuginfo-32bit-228-157.9.1

References:

• https://www.suse.com/security/cve/CVE-2020-1712.html
• https://bugzilla.suse.com/show_bug.cgi?id=1106383
• https://bugzilla.suse.com/show_bug.cgi?id=1127557
• https://bugzilla.suse.com/show_bug.cgi?id=1133495
• https://bugzilla.suse.com/show_bug.cgi?id=1139459
• https://bugzilla.suse.com/show_bug.cgi?id=1140631
• https://bugzilla.suse.com/show_bug.cgi?id=1150595
• https://bugzilla.suse.com/show_bug.cgi?id=1151377
• https://bugzilla.suse.com/show_bug.cgi?id=1151506
• https://bugzilla.suse.com/show_bug.cgi?id=1154043
• https://bugzilla.suse.com/show_bug.cgi?id=1154948
• https://bugzilla.suse.com/show_bug.cgi?id=1155574
• https://bugzilla.suse.com/show_bug.cgi?id=1156482
• https://bugzilla.suse.com/show_bug.cgi?id=1159814
• https://bugzilla.suse.com/show_bug.cgi?id=1162108