Alerts This Week
Warning Icon 1 1,529
Alerts This Week
Warning Icon 1 1,529

openSUSE 42.3: SUSE-SU-2019:0097-1 Moderate: Systemd Fixes

opensuse
Calendar Grey January 29, 2019
Dist Opensuse Esm H88
openSUSE announces a critical patch for Systemd, resolving issues related to memory mishandling and information exposure across multiple vulnerabilities.
An update that solves three vulnerabilities and has four fixes is now available.

Description

This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through

attacker-controlled alloca()s (bsc#1120323)

- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)

- Fixed an issue during system startup in relation to encrypted swap disks

(bsc#1119971)

Non-security issues fixed:

- core: Queue loading transient units after setting their properties.

(bsc#1115518)

- logind: Stop managing VT switches if no sessions are registered on that

VT. (bsc#1101591)

- terminal-util: introduce vt_release() and vt_restore() helpers.

- terminal: Unify code for resetting kbd utf8 mode a bit.

- terminal Reset should honour default_utf8 kernel setting.

- logind: Make session_restore_vt() static.

- udev: Downgrade message when settting inotify watch up fails.

(bsc#1005023)

- log: Never log into foreign fd #2 in PID 1 or its pre-execve()...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-97=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libsystemd0-228-65.1

libsystemd0-debuginfo-228-65.1

libsystemd0-mini-228-65.1

libsystemd0-mini-debuginfo-228-65.1

libudev-devel-228-65.1

libudev-mini-devel-228-65.1

libudev-mini1-228-65.1

libudev-mini1-debuginfo-228-65.1

libudev1-228-65.1

libudev1-debuginfo-228-65.1

nss-myhostname-228-65.1

nss-myhostname-debuginfo-228-65.1

nss-mymachines-228-65.1

nss-mymachines-debuginfo-228-65.1

systemd-228-65.1

systemd-debuginfo-228-65.1

systemd-debugsource-228-65.1

systemd-devel-228-65.1

systemd-logger-228-65.1

systemd-mini-228-65.1

systemd-mini-debuginfo-228-65.1

systemd-mini-debugsource-228-65.1

systemd-mini-devel-228-65.1

systemd-mini-sysvinit-228-65.1

systemd-sysvinit-228-65.1

udev-228-65.1

udev-debuginfo-228-65.1

udev-mini-228-65.1

udev-mini-debuginfo-228-65.1

- openSUSE Leap 42.3 (noarch):

systemd-bash-completion-228-65.1

systemd-mini-bash-completion-228-65.1

- openSUSE Leap 42.3 (x86_64):

libsystemd0-32bit-228-65.1

libsystemd0-debuginfo-32bit-228-65.1

libudev1-32bit-228-65.1

libudev1-debuginfo...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-16864.html

https://www.suse.com/security/cve/CVE-2018-16865.html

https://www.suse.com/security/cve/CVE-2018-16866.html

https://bugzilla.suse.com/1005023

https://bugzilla.suse.com/1076696

https://bugzilla.suse.com/1101591

https://bugzilla.suse.com/1114981

https://bugzilla.suse.com/1115518

https://bugzilla.suse.com/1119971

https://bugzilla.suse.com/1120323

--

Announcement ID: openSUSE-SU-2019:0097-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here