
Security: Execution of arbitrary commands in systemd
Name: Execution of arbitrary commands in systemd
ID: FEDORA-2012-2557
Distribution: Fedora
Platforms: Fedora 16
Date: Mon, 12 March 2012, 08:12
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0871
Applications: systemd

Original message

Name        : systemd
Product     : Fedora 16
Version     : 37
Release     : 15.fc16
URL         : http://www.freedesktop.org/wiki/Software/systemd
Summary     : A System and Service Manager
Description :
systemd is a system and service manager for Linux, compatible with
SysV and LSB init scripts. systemd provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux cgroups, supports snapshotting and restoring of the system
state, maintains mount and automount points and implements an
elaborate transactional dependency-based service control logic. It can
work as a drop-in replacement for sysvinit.

--------------------------------------------------------------------------------
Update Information:

This systemd update adds several fixes:

* logind created files under /run/user/ in an insecure manner. A local attacker
  could create a symlink inside arbitrary directories (CVE-2012-0871).
* permissions of PrivateTmp directories (RHBZ#790522)
* timedated did not run without ntp installed (RHBZ#790260)
* logind: allow PowerOff and Reboot via polkit
* loading of empty files in read_one_line_file() (fdo#45362)
* fix cgit URLs in manpages
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 1 2012 Michal Schmidt <mschmidt@redhat.com> - 37-15
- logind: move X11 socket
* Mon Feb 27 2012 Michal Schmidt <mschmidt@redhat.com> - 37-14
- A few fixes from upstream:
  - PrivateTmp permissions (#790522)
  - timedated without ntp installed (#790260)
  - logind: allow PowerOff and Reboot via polkit
  - loading empty files in read_one_line_file() (fdo#45362)
  - fix cgit URLs in manpages
* Thu Feb 9 2012 Michal Schmidt <mschmidt@redhat.com> - 37-13
- Minor fixes and some manpage updates from upstream.
* Sun Jan 29 2012 Michal Schmidt <mschmidt@redhat.com> - 37-12
- Avoid a glitch with plymouth (#785548).
- Fix logind capabilities.
* Thu Jan 26 2012 Michal Schmidt <mschmidt@redhat.com> - 37-11
- Fix automount regression.
* Sat Jan 21 2012 Michal Schmidt <mschmidt@redhat.com> - 37-10
- Fix occasionally failing socket units with Accept=yes (#783344).
* Fri Jan 20 2012 Michal Schmidt <mschmidt@redhat.com> - 37-9
- Fix a crash related to pid file watch and daemon-reload (#783118).
- Added Conflicts with known broken spamassassin.
* Tue Jan 17 2012 Michal Schmidt <mschmidt@redhat.com> - 37-8
- Shut up another logind message (#727315).
* Sat Jan 14 2012 Michal Schmidt <mschmidt@redhat.com> - 37-7
- Fix for quota and a couple of other issues.
* Wed Jan 11 2012 Michal Schmidt <mschmidt@redhat.com> - 37-6
- Fixes and low-risk enhancements (no journald) from upstream v38.
* Fri Dec 2 2011 Karsten Hopp <karsten@redhat.com> - 37-5
- add upstream patch for bugzilla 744415, encrypted filesystem passphrases
  fail on runtime systems in hvc consoles
* Tue Nov 15 2011 Michal Schmidt <mschmidt@redhat.com> - 37-4
- Run authconfig if /etc/pam.d/system-auth is not a symlink.
- Resolves: #753160
* Wed Nov 2 2011 Michal Schmidt <mschmidt@redhat.com> - 37-3
- Fix remote-fs-pre.target and its ordering.
- Resolves: #749940
* Wed Oct 19 2011 Michal Schmidt <mschmidt@redhat.com> - 37-2
- A couple of fixes from upstream:
  - Fix a regression in bash-completion reported in Bodhi.
  - Fix a crash in isolating.
- Resolves: #717325
* Tue Oct 11 2011 Lennart Poettering <lpoetter@redhat.com> - 37-1
- New upstream release
- Resolves: #744726, #718464, #713567, #713707, #736756
* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-5
- Undo the workaround. Kay says it does not belong in systemd.
- Unresolves: #741655
* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-4
- Workaround for the crypto-on-lvm-on-crypto disk layout
- Resolves: #741655
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #795853 - CVE-2012-0871 systemd: insecure file creation may lead to
      elevated privileges
      https://bugzilla.redhat.com/show_bug.cgi?id=795853
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update systemd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce