openSUSE Leap 42.3: openSUSE-SU-2019:1450-1 Important: Systemd Update
opensuse
May 27, 2019
An update that solves three vulnerabilities and has 8 fixes is now available.
Description
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2018-6954: Fixed a vulnerability in the symlink handling of
systemd-tmpfiles which allowed a local user to obtain ownership of
arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a
local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages
(bsc#1125352).
Non-security issues fixed:
- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per
batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942
bsc#1128657)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-1450=1
Package List
- openSUSE Leap 42.3 (i586 x86_64):
libsystemd0-228-71.1
libsystemd0-debuginfo-228-71.1
libsystemd0-mini-228-71.1
libsystemd0-mini-debuginfo-228-71.1
libudev-devel-228-71.1
libudev-mini-devel-228-71.1
libudev-mini1-228-71.1
libudev-mini1-debuginfo-228-71.1
libudev1-228-71.1
libudev1-debuginfo-228-71.1
nss-myhostname-228-71.1
nss-myhostname-debuginfo-228-71.1
nss-mymachines-228-71.1
nss-mymachines-debuginfo-228-71.1
systemd-228-71.1
systemd-debuginfo-228-71.1
systemd-debugsource-228-71.1
systemd-devel-228-71.1
systemd-logger-228-71.1
systemd-mini-228-71.1
systemd-mini-debuginfo-228-71.1
systemd-mini-debugsource-228-71.1
systemd-mini-devel-228-71.1
systemd-mini-sysvinit-228-71.1
systemd-sysvinit-228-71.1
udev-228-71.1
udev-debuginfo-228-71.1
udev-mini-228-71.1
udev-mini-debuginfo-228-71.1
- openSUSE Leap 42.3 (noarch):
systemd-bash-completion-228-71.1
systemd-mini-bash-completion-228-71.1
- openSUSE Leap 42.3 (x86_64):
libsystemd0-32bit-228-71.1
libsystemd0-debuginfo-32bit-228-71.1
libudev1-32bit-228-71.1
libudev1-debuginfo...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2018-6954.html
https://www.suse.com/security/cve/CVE-2019-3842.html
https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1080919
https://bugzilla.suse.com/1121563
https://bugzilla.suse.com/1125352
https://bugzilla.suse.com/1126056
https://bugzilla.suse.com/1127557
https://bugzilla.suse.com/1128657
https://bugzilla.suse.com/1130230
https://bugzilla.suse.com/1132348
https://bugzilla.suse.com/1132400
https://bugzilla.suse.com/1132721
https://bugzilla.suse.com/955942
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2019:1450-1
Rating: important
Affected Products:
openSUSE Leap 42.3
le.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!