Security update for systemd

Announcement ID:	SUSE-SU-2021:3348-1
Rating:	moderate
References:	bsc#1134353 bsc#1171962 bsc#1184994 bsc#1188018 bsc#1188063 bsc#1188291 bsc#1188713 bsc#1189480 bsc#1190234 jsc#SLE-21032
Cross-References:	CVE-2021-33910
CVSS scores:	CVE-2021-33910 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33910 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves one vulnerability, contains one feature and has eight security fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

• logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).

• Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
• Rules weren't applied to dm devices (multipath) (bsc#1188713).
• Ignore obsolete "elevator" kernel parameter (bsc#1184994, bsc#1190234).
• Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
• Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
• Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3348=1

Package List:

• Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  • systemd-container-234-24.93.1
  • systemd-debugsource-234-24.93.1
  • systemd-container-debuginfo-234-24.93.1
  • systemd-coredump-234-24.93.1
  • systemd-234-24.93.1
  • libudev-devel-234-24.93.1
  • libudev1-debuginfo-234-24.93.1
  • systemd-coredump-debuginfo-234-24.93.1
  • libudev1-234-24.93.1
  • systemd-debuginfo-234-24.93.1
  • udev-234-24.93.1
  • udev-debuginfo-234-24.93.1
  • libsystemd0-234-24.93.1
  • libsystemd0-debuginfo-234-24.93.1
  • systemd-sysvinit-234-24.93.1
  • systemd-devel-234-24.93.1
• Basesystem Module 15-SP2 (noarch)
  • systemd-bash-completion-234-24.93.1
• Basesystem Module 15-SP2 (x86_64)
  • systemd-32bit-debuginfo-234-24.93.1
  • libudev1-32bit-debuginfo-234-24.93.1
  • libudev1-32bit-234-24.93.1
  • systemd-32bit-234-24.93.1
  • libsystemd0-32bit-234-24.93.1
  • libsystemd0-32bit-debuginfo-234-24.93.1

References:

• https://www.suse.com/security/cve/CVE-2021-33910.html
• https://bugzilla.suse.com/show_bug.cgi?id=1134353
• https://bugzilla.suse.com/show_bug.cgi?id=1171962
• https://bugzilla.suse.com/show_bug.cgi?id=1184994
• https://bugzilla.suse.com/show_bug.cgi?id=1188018
• https://bugzilla.suse.com/show_bug.cgi?id=1188063
• https://bugzilla.suse.com/show_bug.cgi?id=1188291
• https://bugzilla.suse.com/show_bug.cgi?id=1188713
• https://bugzilla.suse.com/show_bug.cgi?id=1189480
• https://bugzilla.suse.com/show_bug.cgi?id=1190234
• https://jira.suse.com/browse/SLE-21032