openSUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2539-1
Rating:             important
References:         #1000435 #1001765 #954374 #970293 #982210 
                    #982211 #982251 #987173 #987857 #990074 #996269 
                    
Cross-References:   CVE-2016-7796
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is
   now available.

Description:

   This update for systemd fixes the following security issue:

   - CVE-2016-7796: A zero-length message received over systemd's
     notification socket could make manager_dispatch_notify_fd() return an
     error and, as a side effect, disable the notification handler
     completely. As the notification socket is world-writable, this could
     have allowed a local user to perform a denial-of-service attack against
     systemd. (bsc#1001765)

   Additionally, the following non-security fixes are included:

   - Fix HMAC calculation when appending a data object to journal.
     (bsc#1000435)
   - Never accept file descriptors from file systems with mandatory locking
     enabled. (bsc#954374)
   - Do not warn about missing install info with "preset". (bsc#970293)
   - Save /run/systemd/users/UID before starting user@.service. (bsc#996269)
   - Make sure that /var/lib/systemd/sysv-convert/database is always
     initialized. (bsc#982211)
   - Remove daylight saving time handling and tzfile parser. (bsc#990074)
   - Make sure directory watch is started before cryptsetup. (bsc#987173)
   - Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857)
   - Set KillMode=mixed for our daemons that fork worker processes.
   - Add nosuid and nodev options to tmp.mount.
   - Don't start console-getty.service when /dev/console is missing.
     (bsc#982251)
   - Correct segmentation fault in udev/path_id due to missing NULL check.
     (bsc#982210)

   This update was imported from the SUSE:SLE-12-SP1:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1194=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      libgudev-1_0-0-210-98.1
      libgudev-1_0-0-debuginfo-210-98.1
      libgudev-1_0-devel-210-98.1
      libudev-devel-210-98.1
      libudev-mini-devel-210-98.1
      libudev-mini1-210-98.1
      libudev-mini1-debuginfo-210-98.1
      libudev1-210-98.1
      libudev1-debuginfo-210-98.1
      nss-myhostname-210-98.1
      nss-myhostname-debuginfo-210-98.1
      systemd-210-98.1
      systemd-debuginfo-210-98.1
      systemd-debugsource-210-98.1
      systemd-devel-210-98.1
      systemd-journal-gateway-210-98.1
      systemd-journal-gateway-debuginfo-210-98.1
      systemd-logger-210-98.1
      systemd-mini-210-98.1
      systemd-mini-debuginfo-210-98.1
      systemd-mini-debugsource-210-98.1
      systemd-mini-devel-210-98.1
      systemd-mini-sysvinit-210-98.1
      systemd-sysvinit-210-98.1
      typelib-1_0-GUdev-1_0-210-98.1
      udev-210-98.1
      udev-debuginfo-210-98.1
      udev-mini-210-98.1
      udev-mini-debuginfo-210-98.1

   - openSUSE Leap 42.1 (noarch):

      systemd-bash-completion-210-98.1

   - openSUSE Leap 42.1 (x86_64):

      libgudev-1_0-0-32bit-210-98.1
      libgudev-1_0-0-debuginfo-32bit-210-98.1
      libudev1-32bit-210-98.1
      libudev1-debuginfo-32bit-210-98.1
      nss-myhostname-32bit-210-98.1
      nss-myhostname-debuginfo-32bit-210-98.1
      systemd-32bit-210-98.1
      systemd-debuginfo-32bit-210-98.1


References:

   https://www.suse.com/security/cve/CVE-2016-7796.html
   https://bugzilla.suse.com/1000435
   https://bugzilla.suse.com/1001765
   https://bugzilla.suse.com/954374
   https://bugzilla.suse.com/970293
   https://bugzilla.suse.com/982210
   https://bugzilla.suse.com/982211
   https://bugzilla.suse.com/982251
   https://bugzilla.suse.com/987173
   https://bugzilla.suse.com/987857
   https://bugzilla.suse.com/990074
   https://bugzilla.suse.com/996269

openSUSE: 2016:2539-1: important: systemd

October 14, 2016
An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is An update that solves one vulnerability and has 10 fixes is ...

Description

This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765) Additionally, the following non-security fixes are included: - Fix HMAC calculation when appending a data object to journal. (bsc#1000435) - Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374) - Do not warn about missing install info with "preset". (bsc#970293) - Save /run/systemd/users/UID before starting user@.service. (bsc#996269) - Make sure that /var/lib/systemd/sysv-convert/database is always initialized. (bsc#982211) - Remove daylight saving time handling and tzfile parser. (bsc#990074) - Make sure directory watch is started before cryptsetup. (bsc#987173) - Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857) - Set KillMode=mixed for our daemons that fork worker processes. - Add nosuid and nodev options to tmp.mount. - Don't start console-getty.service when /dev/console is missing. (bsc#982251) - Correct segmentation fault in udev/path_id due to missing NULL check. (bsc#982210) This update was imported from the SUSE:SLE-12-SP1:Update update project.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1194=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.1 (i586 x86_64): libgudev-1_0-0-210-98.1 libgudev-1_0-0-debuginfo-210-98.1 libgudev-1_0-devel-210-98.1 libudev-devel-210-98.1 libudev-mini-devel-210-98.1 libudev-mini1-210-98.1 libudev-mini1-debuginfo-210-98.1 libudev1-210-98.1 libudev1-debuginfo-210-98.1 nss-myhostname-210-98.1 nss-myhostname-debuginfo-210-98.1 systemd-210-98.1 systemd-debuginfo-210-98.1 systemd-debugsource-210-98.1 systemd-devel-210-98.1 systemd-journal-gateway-210-98.1 systemd-journal-gateway-debuginfo-210-98.1 systemd-logger-210-98.1 systemd-mini-210-98.1 systemd-mini-debuginfo-210-98.1 systemd-mini-debugsource-210-98.1 systemd-mini-devel-210-98.1 systemd-mini-sysvinit-210-98.1 systemd-sysvinit-210-98.1 typelib-1_0-GUdev-1_0-210-98.1 udev-210-98.1 udev-debuginfo-210-98.1 udev-mini-210-98.1 udev-mini-debuginfo-210-98.1 - openSUSE Leap 42.1 (noarch): systemd-bash-completion-210-98.1 - openSUSE Leap 42.1 (x86_64): libgudev-1_0-0-32bit-210-98.1 libgudev-1_0-0-debuginfo-32bit-210-98.1 libudev1-32bit-210-98.1 libudev1-debuginfo-32bit-210-98.1 nss-myhostname-32bit-210-98.1 nss-myhostname-debuginfo-32bit-210-98.1 systemd-32bit-210-98.1 systemd-debuginfo-32bit-210-98.1


References

https://www.suse.com/security/cve/CVE-2016-7796.html https://bugzilla.suse.com/1000435 https://bugzilla.suse.com/1001765 https://bugzilla.suse.com/954374 https://bugzilla.suse.com/970293 https://bugzilla.suse.com/982210 https://bugzilla.suse.com/982211 https://bugzilla.suse.com/982251 https://bugzilla.suse.com/987173 https://bugzilla.suse.com/987857 https://bugzilla.suse.com/990074 https://bugzilla.suse.com/996269


Severity
Announcement ID: openSUSE-SU-2016:2539-1
Rating: important
Affected Products: openSUSE Leap 42.1

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved