Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

openSUSE 13.2: 2016:2522-1 Important: systemd Denial Of Service

opensuse
Calendar Grey October 13, 2016
Dist Opensuse Esm H88
Critical patches released for systemd in openSUSE 13.2, improving overall security and reliability through various updates.
An update that solves one vulnerability and has 5 fixes is now available.

Description

This update for systemd fixes the following issues:

- CVE-2016-7796: A zero-length message received over systemd's

notification socket could make manager_dispatch_notify_fd() return an

error and, as a side effect, disable the notification handler

completely. As the notification socket is world-writable, this could

have allowed a local user to perform a denial-of-service attack against

systemd. (bsc#1001765)

Additionally, the following non-security fixes are included:

- Fix HMAC calculation when appending a data object to journal.

(bsc#1000435)

- Never accept file descriptors from file systems with mandatory locking

enabled. (bsc#954374)

- Do not warn about missing install info with "preset". (bsc#970293)

- Save /run/systemd/users/UID before starting user@.service. (bsc#996269)

- Make sure that /var/lib/systemd/sysv-convert/database is always

initialized. (bsc#982211)

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1184=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

libgudev-1_0-0-210.1475218254.1e76ce0-25.48.1

libgudev-1_0-0-debuginfo-210.1475218254.1e76ce0-25.48.1

libgudev-1_0-devel-210.1475218254.1e76ce0-25.48.1

libudev-devel-210.1475218254.1e76ce0-25.48.1

libudev-mini-devel-210.1475218254.1e76ce0-25.48.1

libudev-mini1-210.1475218254.1e76ce0-25.48.1

libudev-mini1-debuginfo-210.1475218254.1e76ce0-25.48.1

libudev1-210.1475218254.1e76ce0-25.48.1

libudev1-debuginfo-210.1475218254.1e76ce0-25.48.1

nss-myhostname-210.1475218254.1e76ce0-25.48.1

nss-myhostname-debuginfo-210.1475218254.1e76ce0-25.48.1

systemd-210.1475218254.1e76ce0-25.48.1

systemd-debuginfo-210.1475218254.1e76ce0-25.48.1

systemd-debugsource-210.1475218254.1e76ce0-25.48.1

systemd-devel-210.1475218254.1e76ce0-25.48.1

systemd-journal-gateway-210.1475218254.1e76ce0-25.48.1

systemd-journal-gateway-debuginfo-210.1475218254.1e76ce0-25.48.1

systemd-logger-210.1475218254.1e76ce0-25.48.1

systemd-mini-210.1475218254.1e76ce0-25.48.1

systemd-mini-debuginfo-210.1475218254.1e76ce0-25.48.1

sys...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2016-7796.html

https://bugzilla.suse.com/1000435

https://bugzilla.suse.com/1001765

https://bugzilla.suse.com/954374

https://bugzilla.suse.com/970293

https://bugzilla.suse.com/982211

https://bugzilla.suse.com/996269

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:2522-1
Rating: important
Affected Products: openSUSE 13.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.