Security update for systemd

Announcement ID:	SUSE-SU-2020:1828-1
Rating:	moderate
References:	bsc#1084671 bsc#1154256 bsc#1157315 bsc#1161262 bsc#1161436 bsc#1162698 bsc#1164538 bsc#1165633 bsc#1167622 bsc#1171145
Cross-References:	CVE-2019-20386
CVSS scores:	CVE-2019-20386 ( SUSE ): 2.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-20386 ( NVD ): 2.4 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has nine security fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436).
• Renamed the persistent link for ATA devices (bsc#1164538)
• shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
• tmpfiles: removed unnecessary assert (bsc#1171145)
• pid1: by default make user units inherit their umask from the user manager (bsc#1162698)
• manager: fixed job mode when signalled to shutdown etc (bsc#1161262)
• coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622)
• udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633)
• libblkid: open device in nonblock mode. (bsc#1084671)
• udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1828=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1828=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1828=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1828=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • systemd-devel-228-157.12.5
  • systemd-debuginfo-228-157.12.5
  • libudev-devel-228-157.12.5
  • systemd-debugsource-228-157.12.5
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • libudev1-debuginfo-228-157.12.5
  • libsystemd0-228-157.12.5
  • systemd-228-157.12.5
  • libsystemd0-debuginfo-228-157.12.5
  • systemd-sysvinit-228-157.12.5
  • systemd-debugsource-228-157.12.5
  • udev-228-157.12.5
  • udev-debuginfo-228-157.12.5
  • systemd-debuginfo-228-157.12.5
  • systemd-devel-228-157.12.5
  • libudev-devel-228-157.12.5
  • libudev1-228-157.12.5
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • systemd-bash-completion-228-157.12.5
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • systemd-32bit-228-157.12.5
  • libsystemd0-debuginfo-32bit-228-157.12.5
  • libsystemd0-32bit-228-157.12.5
  • libudev1-32bit-228-157.12.5
  • libudev1-debuginfo-32bit-228-157.12.5
  • systemd-debuginfo-32bit-228-157.12.5
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • libudev1-debuginfo-228-157.12.5
  • libsystemd0-228-157.12.5
  • systemd-228-157.12.5
  • libsystemd0-debuginfo-228-157.12.5
  • systemd-sysvinit-228-157.12.5
  • systemd-debugsource-228-157.12.5
  • udev-228-157.12.5
  • udev-debuginfo-228-157.12.5
  • systemd-debuginfo-228-157.12.5
  • systemd-devel-228-157.12.5
  • libudev-devel-228-157.12.5
  • libudev1-228-157.12.5
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • systemd-bash-completion-228-157.12.5
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • systemd-32bit-228-157.12.5
  • libsystemd0-debuginfo-32bit-228-157.12.5
  • libsystemd0-32bit-228-157.12.5
  • libudev1-32bit-228-157.12.5
  • libudev1-debuginfo-32bit-228-157.12.5
  • systemd-debuginfo-32bit-228-157.12.5
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • libudev1-debuginfo-228-157.12.5
  • libsystemd0-228-157.12.5
  • systemd-228-157.12.5
  • libsystemd0-debuginfo-228-157.12.5
  • systemd-sysvinit-228-157.12.5
  • systemd-debugsource-228-157.12.5
  • udev-228-157.12.5
  • udev-debuginfo-228-157.12.5
  • systemd-debuginfo-228-157.12.5
  • systemd-devel-228-157.12.5
  • libudev-devel-228-157.12.5
  • libudev1-228-157.12.5
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • systemd-bash-completion-228-157.12.5
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • systemd-32bit-228-157.12.5
  • libsystemd0-debuginfo-32bit-228-157.12.5
  • libsystemd0-32bit-228-157.12.5
  • libudev1-32bit-228-157.12.5
  • libudev1-debuginfo-32bit-228-157.12.5
  • systemd-debuginfo-32bit-228-157.12.5

References:

• https://www.suse.com/security/cve/CVE-2019-20386.html
• https://bugzilla.suse.com/show_bug.cgi?id=1084671
• https://bugzilla.suse.com/show_bug.cgi?id=1154256
• https://bugzilla.suse.com/show_bug.cgi?id=1157315
• https://bugzilla.suse.com/show_bug.cgi?id=1161262
• https://bugzilla.suse.com/show_bug.cgi?id=1161436
• https://bugzilla.suse.com/show_bug.cgi?id=1162698
• https://bugzilla.suse.com/show_bug.cgi?id=1164538
• https://bugzilla.suse.com/show_bug.cgi?id=1165633
• https://bugzilla.suse.com/show_bug.cgi?id=1167622
• https://bugzilla.suse.com/show_bug.cgi?id=1171145