Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in systemd
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in systemd
ID: SUSE-SU-2019:1364-2
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1
Datum: Mo, 15. Juli 2019, 23:26
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6454
Applikationen: systemd

Originalnachricht


SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1364-2
Rating: moderate
References: #1036463 #1121563 #1124122 #1125352 #1125604
#1126056 #1127557 #1130230 #1132348 #1132400
#1132721 #1133506 #1133509
Cross-References: CVE-2019-3842 CVE-2019-3843 CVE-2019-3844
CVE-2019-6454
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice
Development Tools 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that solves four vulnerabilities and has 9 fixes
is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could
be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message
(bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where
services with DynamicUser could gain new privileges or create SUID/SGID
binaries (bsc#1133506, bsc#1133509).

Non-security issued fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s'
(bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into
the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per
batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:

zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1364=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1364=1



Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1 (aarch64 ppc64le s390x x86_64):

libsystemd0-mini-234-24.30.1
libsystemd0-mini-debuginfo-234-24.30.1
libudev-mini-devel-234-24.30.1
libudev-mini1-234-24.30.1
libudev-mini1-debuginfo-234-24.30.1
nss-myhostname-234-24.30.1
nss-myhostname-debuginfo-234-24.30.1
nss-mymachines-234-24.30.1
nss-mymachines-debuginfo-234-24.30.1
nss-systemd-234-24.30.1
nss-systemd-debuginfo-234-24.30.1
systemd-debuginfo-234-24.30.1
systemd-debugsource-234-24.30.1
systemd-logger-234-24.30.1
systemd-mini-234-24.30.1
systemd-mini-container-mini-234-24.30.1
systemd-mini-container-mini-debuginfo-234-24.30.1
systemd-mini-coredump-mini-234-24.30.1
systemd-mini-coredump-mini-debuginfo-234-24.30.1
systemd-mini-debuginfo-234-24.30.1
systemd-mini-debugsource-234-24.30.1
systemd-mini-devel-234-24.30.1
systemd-mini-sysvinit-234-24.30.1
udev-mini-234-24.30.1
udev-mini-debuginfo-234-24.30.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1 (x86_64):

libudev-devel-32bit-234-24.30.1
nss-myhostname-32bit-234-24.30.1
nss-myhostname-32bit-debuginfo-234-24.30.1
nss-mymachines-32bit-234-24.30.1
nss-mymachines-32bit-debuginfo-234-24.30.1
systemd-32bit-debuginfo-234-24.30.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1 (noarch):

systemd-mini-bash-completion-234-24.30.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
x86_64):

libsystemd0-234-24.30.1
libsystemd0-debuginfo-234-24.30.1
libudev-devel-234-24.30.1
libudev1-234-24.30.1
libudev1-debuginfo-234-24.30.1
systemd-234-24.30.1
systemd-container-234-24.30.1
systemd-container-debuginfo-234-24.30.1
systemd-coredump-234-24.30.1
systemd-coredump-debuginfo-234-24.30.1
systemd-debuginfo-234-24.30.1
systemd-debugsource-234-24.30.1
systemd-devel-234-24.30.1
systemd-sysvinit-234-24.30.1
udev-234-24.30.1
udev-debuginfo-234-24.30.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):

libsystemd0-32bit-234-24.30.1
libsystemd0-32bit-debuginfo-234-24.30.1
libudev1-32bit-234-24.30.1
libudev1-32bit-debuginfo-234-24.30.1
systemd-32bit-234-24.30.1
systemd-32bit-debuginfo-234-24.30.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

systemd-bash-completion-234-24.30.1


References:

https://www.suse.com/security/cve/CVE-2019-3842.html
https://www.suse.com/security/cve/CVE-2019-3843.html
https://www.suse.com/security/cve/CVE-2019-3844.html
https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1036463
https://bugzilla.suse.com/1121563
https://bugzilla.suse.com/1124122
https://bugzilla.suse.com/1125352
https://bugzilla.suse.com/1125604
https://bugzilla.suse.com/1126056
https://bugzilla.suse.com/1127557
https://bugzilla.suse.com/1130230
https://bugzilla.suse.com/1132348
https://bugzilla.suse.com/1132400
https://bugzilla.suse.com/1132721
https://bugzilla.suse.com/1133506
https://bugzilla.suse.com/1133509

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung