
SUSE: 2016:2475-1 Important: Systemd Denial-of-Service Fix

October 7, 2016
SUSE patch for systemd resolves a denial-of-service vulnerability. This critical update contains both security and non-security improvements.
An update that solves one vulnerability and has 10 fixes is ...

Summary

This update for systemd fixes the following security issue:

- CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765)

Additionally, the following non-security fixes are included:

- Fix HMAC calculation when appending a data object to journal. (bsc#1000435)
- Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374)
- Do not warn about missing install info with "preset". (bsc#970293)
- Save /run/systemd/users/UID before starting user@.service. (bsc#996269)
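The CVE-2016-7796 failure mode described above, reduced to a toy model for illustration. This is an added example, not systemd's code or the SUSE patch: the struct, the handler names, the dispatch loop and the sample messages are constructed, and the only behaviour taken from the advisory is that a handler error disables the notification source.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
/* Toy event source: as in the advisory, a handler error disables the source. */
struct source { int fd; bool enabled; int handled; };
typedef int (*handler_t)(struct source *);

/* Fragile pattern: an empty datagram is reported as an error. */
static int handler_fragile(struct source *s) {
    char buf[64];
    ssize_t n = recv(s->fd, buf, sizeof buf, 0);
    if (n < 0) return -errno;
    if (n == 0) return -ECONNRESET;   /* the side effect starts here */
    s->handled++;
    return 0;
}

/* Hardened pattern: an empty datagram is dropped and the source stays enabled. */
static int handler_hardened(struct source *s) {
    char buf[64];
    ssize_t n = recv(s->fd, buf, sizeof buf, 0);
    if (n < 0) return -errno;
    if (n == 0) return 0;             /* ignore, keep listening */
    s->handled++;
    return 0;
}

static void dispatch(struct source *s, handler_t h) {
    if (s->enabled && h(s) < 0) s->enabled = false;  /* later messages are lost */
}

/* Queue three constructed datagrams (middle one empty); return how many were handled. */
int run_demo(bool hardened) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    struct source s = { sv[0], true, 0 };
    send(sv[1], "READY=1", 7, 0);
    send(sv[1], "", 0, 0);
    send(sv[1], "STATUS=ok", 9, 0);
    handler_t h = hardened ? handler_hardened : handler_fragile;
    for (int i = 0; i < 3; i++) dispatch(&s, h);
    close(sv[0]); close(sv[1]);
    return s.handled;
}
int main(void) {
    printf("fragile: %d of 2, hardened: %d of 2\n", run_demo(false), run_demo(true));
    return 0;
}
```

With the fragile handler the message queued after the empty datagram is never processed, which is the denial of service; the hardened handler processes both.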

References

#1000435 #1001765 #954374 #970293 #982210 #982211 #982251 #987173 #987857 #990074 #996269

Cross-References: CVE-2016-7796

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2016-7796.html

https://bugzilla.suse.com/1000435

https://bugzilla.suse.com/1001765

https://bugzilla.suse.com/954374

https://bugzilla.suse.com/970293

https://bugzilla.suse.com/982210

https://bugzilla.suse.com/982211

https://bugzilla.suse.com/982251

https://bugzilla.suse.com/987173

https://bugzilla.suse.com/987857

https://bugzilla.suse.com/990074

https://bugzilla.suse.com/996269

Severity
important

Announcement ID: SUSE-SU-2016:2475-1
Rating: important
