Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

openSUSE 13.2 Security Update: Systemd Read Access Fixes

opensuse
Calendar Grey April 19, 2016
Dist Opensuse Esm H88
The latest systemd update for openSUSE 13.2 addresses critical vulnerabilities and important bug fixes to enhance stability and performance, urging users to update promptly
An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes An update that solves two vulnerabilities and has 8 fixes is now...

Description

This update for systemd fixes several issues.

These security issues were fixed:

- CVE-2014-9770, CVE-2015-8842: Don't allow read access to journal files

to users (boo#972612)

These non-security issues were fixed:

- Import commit 523777609a04fe9e590420e89f94ef07e3719baa: e5e362a udev:

exclude MD from block device ownership event locking 8839413 udev:

really exclude device-mapper from block device ownership event locking

66782e6 udev: exclude device-mapper from block device ownership event

locking (boo#972727) 1386f57 tmpfiles: explicitly set mode for /run/log

faadb74 tmpfiles: don't allow read access to journal files to users not

in systemd-journal 9b1ef37 tmpfiles: don't apply sgid and executable bit

to journal files, only the directories they are contained in 011c39f

tmpfiles: add ability to mask access mode by pre-existing access mode on

files/directories 07e2d60 tmpfiles: get rid of "m" lines d504e28

tmpfiles:...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security update important CVE issue openSUSE systemd fix read access

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-487=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

libgudev-1_0-0-210.1459453449.5237776-25.37.1

libgudev-1_0-0-debuginfo-210.1459453449.5237776-25.37.1

libgudev-1_0-devel-210.1459453449.5237776-25.37.1

libudev-devel-210.1459453449.5237776-25.37.1

libudev-mini-devel-210.1459453449.5237776-25.37.1

libudev-mini1-210.1459453449.5237776-25.37.1

libudev-mini1-debuginfo-210.1459453449.5237776-25.37.1

libudev1-210.1459453449.5237776-25.37.1

libudev1-debuginfo-210.1459453449.5237776-25.37.1

nss-myhostname-210.1459453449.5237776-25.37.1

nss-myhostname-debuginfo-210.1459453449.5237776-25.37.1

systemd-210.1459453449.5237776-25.37.1

systemd-debuginfo-210.1459453449.5237776-25.37.1

systemd-debugsource-210.1459453449.5237776-25.37.1

systemd-devel-210.1459453449.5237776-25.37.1

systemd-journal-gateway-210.1459453449.5237776-25.37.1

systemd-journal-gateway-debuginfo-210.1459453449.5237776-25.37.1

systemd-logger-210.1459453449.5237776-25.37.1

systemd-mini-210.1459453449.5237776-25.37.1

systemd-mini-debuginfo-210.1459453449.5237776-25.37.1

sys...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2014-9770.html

https://www.suse.com/security/cve/CVE-2015-8842.html

https://bugzilla.suse.com/959886

https://bugzilla.suse.com/960158

https://bugzilla.suse.com/963230

https://bugzilla.suse.com/964355

https://bugzilla.suse.com/965897

https://bugzilla.suse.com/967122

https://bugzilla.suse.com/970423

https://bugzilla.suse.com/970860

https://bugzilla.suse.com/972612

https://bugzilla.suse.com/972727

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:1101-1
Rating: important
Affected Products: openSUSE 13.2

Topics%20covered

Topics Covered

security advisory security update important CVE issue openSUSE systemd fix read access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here