openSUSE: 2016:1101-1: important: systemd

   openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1101-1
Rating:             important
References:         #959886 #960158 #963230 #964355 #965897 #967122 
                    #970423 #970860 #972612 #972727 
Cross-References:   CVE-2014-9770 CVE-2015-8842
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that solves two vulnerabilities and has 8 fixes
   is now available.

Description:

   This update for systemd fixes several issues.

   These security issues were fixed:
   - CVE-2014-9770, CVE-2015-8842: Don't allow read access to journal files
     to users (boo#972612)

   These non-security issues were fixed:
   - Import commit 523777609a04fe9e590420e89f94ef07e3719baa: e5e362a udev:
     exclude MD from block device ownership event locking 8839413 udev:
     really exclude device-mapper from block device ownership event locking
     66782e6 udev: exclude device-mapper from block device ownership event
     locking (boo#972727) 1386f57 tmpfiles: explicitly set mode for /run/log
     faadb74 tmpfiles: don't allow read access to journal files to users not
     in systemd-journal 9b1ef37 tmpfiles: don't apply sgid and executable bit
     to journal files, only the directories they are contained in 011c39f
     tmpfiles: add ability to mask access mode by pre-existing access mode on
     files/directories 07e2d60 tmpfiles: get rid of "m" lines d504e28
     tmpfiles: various modernizations f97250d systemctl: no need to pass
     --all if inactive is explicitly requested in list-units (boo#967122)
     2686573 fstab-generator: fix automount option and don't start associated
     mount unit at boot (boo#970423) 5c1637d login: support more than just
     power-gpio-key (fate#318444) (boo#970860) 2c95ecd logind: add standard
     gpio power button support (fate#318444) (boo#970860) af3eb93 Revert
     "log-target-null-instead-kmsg" 555dad4 shorten hostname before checking
     for trailing dot (boo#965897) 522194c Revert "log: honour the kernel's
     quiet cmdline argument" (boo#963230) cc94e47 transaction: downgrade
     warnings about wanted unit which are not found (boo#960158) eb3cfb3
     Revert "vhangup-on-all-consoles" 0c28752 remove WorkingDirectory
     parameter from emergency, rescue and console-shell.service (boo#959886)
     1d6d840 Fix wrong substitution variable name in
     systemd-udev-root-symlink.service.in (boo#964355)
   - Don't ship boot.udev and systemd-journald.init anymore. It was used
     during the systemd transition when both sysvinit and systemd could be
     used on the same system


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-487=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      libgudev-1_0-0-210.1459453449.5237776-25.37.1
      libgudev-1_0-0-debuginfo-210.1459453449.5237776-25.37.1
      libgudev-1_0-devel-210.1459453449.5237776-25.37.1
      libudev-devel-210.1459453449.5237776-25.37.1
      libudev-mini-devel-210.1459453449.5237776-25.37.1
      libudev-mini1-210.1459453449.5237776-25.37.1
      libudev-mini1-debuginfo-210.1459453449.5237776-25.37.1
      libudev1-210.1459453449.5237776-25.37.1
      libudev1-debuginfo-210.1459453449.5237776-25.37.1
      nss-myhostname-210.1459453449.5237776-25.37.1
      nss-myhostname-debuginfo-210.1459453449.5237776-25.37.1
      systemd-210.1459453449.5237776-25.37.1
      systemd-debuginfo-210.1459453449.5237776-25.37.1
      systemd-debugsource-210.1459453449.5237776-25.37.1
      systemd-devel-210.1459453449.5237776-25.37.1
      systemd-journal-gateway-210.1459453449.5237776-25.37.1
      systemd-journal-gateway-debuginfo-210.1459453449.5237776-25.37.1
      systemd-logger-210.1459453449.5237776-25.37.1
      systemd-mini-210.1459453449.5237776-25.37.1
      systemd-mini-debuginfo-210.1459453449.5237776-25.37.1
      systemd-mini-debugsource-210.1459453449.5237776-25.37.1
      systemd-mini-devel-210.1459453449.5237776-25.37.1
      systemd-mini-sysvinit-210.1459453449.5237776-25.37.1
      systemd-sysvinit-210.1459453449.5237776-25.37.1
      typelib-1_0-GUdev-1_0-210.1459453449.5237776-25.37.1
      udev-210.1459453449.5237776-25.37.1
      udev-debuginfo-210.1459453449.5237776-25.37.1
      udev-mini-210.1459453449.5237776-25.37.1
      udev-mini-debuginfo-210.1459453449.5237776-25.37.1

   - openSUSE 13.2 (noarch):

      systemd-bash-completion-210.1459453449.5237776-25.37.1

   - openSUSE 13.2 (x86_64):

      libgudev-1_0-0-32bit-210.1459453449.5237776-25.37.1
      libgudev-1_0-0-debuginfo-32bit-210.1459453449.5237776-25.37.1
      libudev1-32bit-210.1459453449.5237776-25.37.1
      libudev1-debuginfo-32bit-210.1459453449.5237776-25.37.1
      nss-myhostname-32bit-210.1459453449.5237776-25.37.1
      nss-myhostname-debuginfo-32bit-210.1459453449.5237776-25.37.1
      systemd-32bit-210.1459453449.5237776-25.37.1
      systemd-debuginfo-32bit-210.1459453449.5237776-25.37.1


References:

   https://www.suse.com/security/cve/CVE-2014-9770.html
   https://www.suse.com/security/cve/CVE-2015-8842.html
   https://bugzilla.suse.com/959886
   https://bugzilla.suse.com/960158
   https://bugzilla.suse.com/963230
   https://bugzilla.suse.com/964355
   https://bugzilla.suse.com/965897
   https://bugzilla.suse.com/967122
   https://bugzilla.suse.com/970423
   https://bugzilla.suse.com/970860
   https://bugzilla.suse.com/972612
   https://bugzilla.suse.com/972727
Get the Latest News & Insights
openSUSE: 2016:1101-1: important: systemd

Description

Patch

Package List

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
