Recommended update for systemd

Announcement ID:	SUSE-RU-2020:0793-1
Rating:	moderate
References:	bsc#1139459 bsc#1161262 bsc#1162108 bsc#1164717 bsc#1165579
Cross-References:	CVE-2020-1712
CVSS scores:	CVE-2020-1712 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-1712 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP1 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves one vulnerability and has four fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• manager: fix job mode when signalled to shutdown etc (bsc#1161262)
• remove fallback for user/exit.target
• dbus method Manager.Exit() does not start exit.target
• do not install rescue.target for alt-↑
• %j/%J unit specifiers

Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717).

Added the udev 60-ssd-scheduler.rules:

• This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team.

• core: coldplug possible nop_job (bsc#1139459)

• Revert "udev: use 'deadline' IO scheduler for SSD disks"
• Fix typo in function name
• polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712)
• sd-bus: introduce API for re-enqueuing incoming messages
• polkit: on async pk requests, re-validate action/details

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-793=1

Package List:

• Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  • systemd-debuginfo-234-24.46.1
  • systemd-coredump-234-24.46.1
  • udev-debuginfo-234-24.46.1
  • systemd-devel-234-24.46.1
  • libsystemd0-234-24.46.1
  • libudev1-234-24.46.1
  • systemd-debugsource-234-24.46.1
  • libsystemd0-debuginfo-234-24.46.1
  • systemd-container-debuginfo-234-24.46.1
  • systemd-coredump-debuginfo-234-24.46.1
  • systemd-sysvinit-234-24.46.1
  • udev-234-24.46.1
  • systemd-container-234-24.46.1
  • systemd-234-24.46.1
  • libudev1-debuginfo-234-24.46.1
  • libudev-devel-234-24.46.1
• Basesystem Module 15-SP1 (noarch)
  • systemd-bash-completion-234-24.46.1
• Basesystem Module 15-SP1 (x86_64)
  • libsystemd0-32bit-debuginfo-234-24.46.1
  • libudev1-32bit-debuginfo-234-24.46.1
  • libudev1-32bit-234-24.46.1
  • systemd-32bit-debuginfo-234-24.46.1
  • systemd-32bit-234-24.46.1
  • libsystemd0-32bit-234-24.46.1

References:

• https://www.suse.com/security/cve/CVE-2020-1712.html
• https://bugzilla.suse.com/show_bug.cgi?id=1139459
• https://bugzilla.suse.com/show_bug.cgi?id=1161262
• https://bugzilla.suse.com/show_bug.cgi?id=1162108
• https://bugzilla.suse.com/show_bug.cgi?id=1164717
• https://bugzilla.suse.com/show_bug.cgi?id=1165579