Security update for systemd
| Announcement ID: | SUSE-SU-2017:1773-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has nine security fixes can now be installed.
Description:
This update for systemd fixes the following issues:
Security issue fixed:
- CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that could lead to resolved aborting (bsc#1040614)
The update also fixed several non-security bugs:
- core/mount: Use the "-c" flag to not canonicalize paths when calling /bin/umount
- automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942)
- automount: Rework propagation between automount and mount units
- build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary
- build: Fix systemd-journal-upload installation
- basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
- virt: Make sure some errors are not ignored
- fstab-generator: Do not skip Before= ordering for noauto mountpoints
- fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec
- core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
- fstab-generator: Apply the _netdev option also to device units (bsc#1004995)
- job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
- job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
- rules: Export NVMe WWID udev attribute (bsc#1038865)
- rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
- rules: Add rules for NVMe devices
- sysusers: Make group shadow support configurable (bsc#1029516)
- core: When deserializing a unit, fully restore its cgroup state (bsc#1029102)
- core: Introduce cg_mask_from_string()/cg_mask_to_string()
- core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258)
- Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files.
- Disable group shadow support (bsc#1029516)
- Only check signature job error if signature job exists (bsc#1043758)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Magnum Orchestration 7
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1104=1 -
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
zypper in -t patch SUSE-SLE-BSK-12-SP2-2017-1104=1 -
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1104=1 -
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1104=1 -
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1104=1 -
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1104=1 -
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1104=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1104=1
Package List:
-
Magnum Orchestration 7 (x86_64)
- systemd-debuginfo-228-149.3
- libsystemd0-debuginfo-228-149.3
- libudev1-debuginfo-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (ppc64le s390x x86_64)
- udev-mini-228-149.2
- systemd-mini-228-149.2
- systemd-mini-debuginfo-228-149.2
- libudev-mini-devel-228-149.2
- systemd-mini-devel-228-149.2
- libudev-mini1-debuginfo-228-149.2
- udev-mini-debuginfo-228-149.2
- systemd-mini-debugsource-228-149.2
- libudev-mini1-228-149.2
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- libsystemd0-debuginfo-32bit-228-149.3
- libsystemd0-debuginfo-228-149.3
- systemd-debuginfo-228-149.3
- libudev1-32bit-228-149.3
- libudev1-debuginfo-228-149.3
- systemd-debuginfo-32bit-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- systemd-32bit-228-149.3
- libudev1-debuginfo-32bit-228-149.3
- libsystemd0-32bit-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise Desktop 12 SP2 (noarch)
- systemd-bash-completion-228-149.3
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- systemd-debuginfo-228-149.3
- libsystemd0-debuginfo-228-149.3
- libudev1-debuginfo-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
- systemd-bash-completion-228-149.3
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- systemd-debuginfo-228-149.3
- libudev-devel-228-149.3
- systemd-debugsource-228-149.3
- systemd-devel-228-149.3
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- systemd-debuginfo-228-149.3
- libsystemd0-debuginfo-228-149.3
- libudev1-debuginfo-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
- systemd-bash-completion-228-149.3
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
- libsystemd0-debuginfo-32bit-228-149.3
- libudev1-32bit-228-149.3
- libsystemd0-32bit-228-149.3
- systemd-debuginfo-32bit-228-149.3
- systemd-32bit-228-149.3
- libudev1-debuginfo-32bit-228-149.3
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- systemd-debuginfo-228-149.3
- libsystemd0-debuginfo-228-149.3
- libudev1-debuginfo-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise Server 12 SP2 (noarch)
- systemd-bash-completion-228-149.3
-
SUSE Linux Enterprise Server 12 SP2 (s390x x86_64)
- libsystemd0-debuginfo-32bit-228-149.3
- libudev1-32bit-228-149.3
- libsystemd0-32bit-228-149.3
- systemd-debuginfo-32bit-228-149.3
- systemd-32bit-228-149.3
- libudev1-debuginfo-32bit-228-149.3
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- systemd-debuginfo-228-149.3
- libsystemd0-debuginfo-228-149.3
- libudev1-debuginfo-228-149.3
- udev-228-149.3
- systemd-debugsource-228-149.3
- libudev1-228-149.3
- libsystemd0-228-149.3
- udev-debuginfo-228-149.3
- systemd-sysvinit-228-149.3
- systemd-228-149.3
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
- systemd-bash-completion-228-149.3
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
- libsystemd0-debuginfo-32bit-228-149.3
- libudev1-32bit-228-149.3
- libsystemd0-32bit-228-149.3
- systemd-debuginfo-32bit-228-149.3
- systemd-32bit-228-149.3
- libudev1-debuginfo-32bit-228-149.3
References:
- https://www.suse.com/security/cve/CVE-2017-9217.html
- https://bugzilla.suse.com/show_bug.cgi?id=1004995
- https://bugzilla.suse.com/show_bug.cgi?id=1029102
- https://bugzilla.suse.com/show_bug.cgi?id=1029516
- https://bugzilla.suse.com/show_bug.cgi?id=1036873
- https://bugzilla.suse.com/show_bug.cgi?id=1038865
- https://bugzilla.suse.com/show_bug.cgi?id=1040258
- https://bugzilla.suse.com/show_bug.cgi?id=1040614
- https://bugzilla.suse.com/show_bug.cgi?id=1040942
- https://bugzilla.suse.com/show_bug.cgi?id=1043758
- https://bugzilla.suse.com/show_bug.cgi?id=982303