Oval Definition:oval:org.opensuse.security:def:53715
Revision Date:2020-12-01Version:1
Title:Security update for systemd (Important)
Description:
This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#bsc#1162108)
Fix a heap use-after-free vulnerability, when asynchronous
Polkit queries were performed while handling Dbus messages. A local
unprivileged attacker could have abused this flaw to crash systemd services or
potentially execute code and elevate their privileges, by sending specially
crafted Dbus messages.

- Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683)

- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
- bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386)
- fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814)
- fileio: initialize errno to zero before we do fread()
- fileio: try to read one byte too much in read_full_stream()
- logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485)
- logind: never elect a session that is stopping as display

- journal: include kmsg lines from the systemd process which exec()d us (#8078)
- udevd: don't use monitor after manager_exit()
- udevd: capitalize log messages in on_sigchld()
- udevd: merge conditions to decrease indentation
- Revert 'udevd: fix crash when workers time out after exit is signal caught'
- core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482)
- udevd: fix crash when workers time out after exit is signal caught
- udevd: wait for workers to finish when exiting (bsc#1106383)

- Improve bash completion support (bsc#1155207)
* shell-completion: systemctl: do not list template units in {re,}start
* shell-completion: systemctl: pass current word to all list_unit*
* bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207)
* bash-completion: systemctl: use systemctl --no-pager
* bash-completion: also suggest template unit files
* bash-completion: systemctl: add missing options and verbs
* bash-completion: use the first argument instead of the global variable (#6457)

- networkd: VXLan Make group and remote variable separate (bsc#1156213)
- networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213)
- fs-util: let's avoid unnecessary strerror()
- fs-util: introduce inotify_add_watch_and_warn() helper
- ask-password: improve log message when inotify limit is reached (bsc#1155574)
- shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377)
- man: alias names can't be used with enable command (bsc#1151377)

- Add boot option to not use swap at system start (jsc#SLE-7689)

- Allow YaST to select Iranian (Persian, Farsi) keyboard layout
(bsc#1092920)
Family:unixClass:patch
Status:Reference(s):1024718
1033619
1046299
1046853
1046858
1047964
1047965
1049344
1050242
1050244
1051510
1055120
1055121
1055186
1056061
1058115
1060463
1061840
1065600
1065729
1068273
1069257
1078248
1079935
1082387
1082555
1082653
1083647
1084671
1085535
1086001
1086196
1086282
1086283
1086423
1087978
1088004
1088009
1088386
1089350
1089533
1090888
1091405
1091800
1092920
1094244
1097593
1097755
1100132
1102875
1102877
1102879
1102882
1102896
1103257
1103356
1103925
1104124
1104353
1104427
1104824
1104967
1105168
1105428
1106019
1106105
1106110
1106237
1106240
1106383
1106615
1106913
1107030
1107256
1107385
1107866
1108270
1108468
1109272
1109772
1109806
1110006
1110558
1110998
1111040
1111062
1111174
1111183
1111188
1111469
1111696
1111795
1111809
1111921
1112878
1112963
1113295
1113408
1113412
1113501
1113667
1113677
1113722
1113751
1113769
1113780
1113972
1114015
1114178
1114279
1114385
1114576
1114577
1114578
1114579
1114580
1114581
1114582
1114583
1114584
1114585
1114839
1114871
1115074
1115269
1115431
1115433
1115440
1115567
1115709
1115976
1116040
1116183
1116336
1116692
1116693
1116698
1116699
1116700
1116701
1116803
1116841
1116862
1116863
1116876
1116877
1116878
1116891
1116895
1116899
1116950
1117115
1117162
1117165
1117168
1117172
1117174
1117181
1117184
1117186
1117188
1117189
1117349
1117561
1117656
1117788
1117789
1117790
1117791
1117792
1117794
1117795
1117796
1117798
1117799
1117801
1117802
1117803
1117804
1117805
1117806
1117807
1117808
1117815
1117816
1117817
1117818
1117819
1117820
1117821
1117822
1117953
1118102
1118136
1118137
1118138
1118140
1118152
1118215
1118316
1118319
1118428
1118484
1118505
1118752
1118760
1118761
1118762
1118766
1118767
1118768
1118769
1118771
1118772
1118773
1118774
1118775
1118798
1118809
1118962
1119017
1119086
1119212
1119322
1119410
1119714
1119749
1119804
1119946
1119962
1119968
1120036
1120046
1120053
1120054
1120055
1120058
1120088
1120092
1120094
1120096
1120097
1120173
1120214
1120223
1120228
1120230
1120232
1120234
1120235
1120238
1120594
1120598
1120600
1120601
1120602
1120603
1120604
1120606
1120612
1120613
1120614
1120615
1120616
1120617
1120618
1120620
1120621
1120632
1120633
1120743
1120954
1121017
1121058
1121263
1121273
1121477
1121483
1121599
1121621
1121714
1121715
1121973
1133495
1151377
1154256
1155207
1155574
1156213
1156482
1158485
1159814
1161436
1162108
947165
950703
950704
950705
950706
951845
954018
954405
956408
956409
956411
956592
956832
958861
970072
970073
CVE-2009-3627
CVE-2012-2669
CVE-2012-5532
CVE-2013-1987
CVE-2014-2524
CVE-2014-6271
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2015-5307
CVE-2015-7311
CVE-2015-7504
CVE-2015-7835
CVE-2015-7969
CVE-2015-7970
CVE-2015-7971
CVE-2015-7972
CVE-2015-8000
CVE-2015-8104
CVE-2015-8339
CVE-2015-8340
CVE-2015-8341
CVE-2015-8345
CVE-2016-0634
CVE-2016-10324
CVE-2016-10325
CVE-2016-10326
CVE-2016-1285
CVE-2016-1286
CVE-2016-7543
CVE-2016-7949
CVE-2016-7950
CVE-2017-10684
CVE-2017-10685
CVE-2017-11112
CVE-2017-11113
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13087
CVE-2017-13088
CVE-2017-16899
CVE-2017-3058
CVE-2017-3059
CVE-2017-3060
CVE-2017-3061
CVE-2017-3062
CVE-2017-3063
CVE-2017-3064
CVE-2017-7853
CVE-2018-1060
CVE-2018-1061
CVE-2018-12232
CVE-2018-14618
CVE-2018-14625
CVE-2018-16862
CVE-2018-16884
CVE-2018-18281
CVE-2018-18397
CVE-2018-18710
CVE-2018-19407
CVE-2018-19824
CVE-2018-19854
CVE-2018-19985
CVE-2018-20169
CVE-2018-9568
CVE-2019-20386
CVE-2020-1712
SUSE-SU-2015:2328-1
SUSE-SU-2015:2359-1
SUSE-SU-2016:0759-1
SUSE-SU-2017:0990-1
SUSE-SU-2017:2075-1
SUSE-SU-2017:2745-1
SUSE-SU-2018:0231-1
SUSE-SU-2018:2696-1
SUSE-SU-2018:2715-1
SUSE-SU-2019:0224-1
SUSE-SU-2020:0335-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • dhcp-4.3.5-lp150.4 is installed
  • OR dhcp-client-4.3.5-lp150.4 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-buildsymbols-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-common-60.7.2-lp151.2.7 is installed
  • OR MozillaThunderbird-translations-other-60.7.2-lp151.2.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • xorg-x11-libXext-7.4-1.18 is installed
  • OR xorg-x11-libXext-32bit-7.4-1.18 is installed
  • OR xorg-x11-libXext-devel-7.4-1.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • e2fsprogs-1.41.9-2.10.11 is installed
  • OR libblkid1-2.19.1-6.62 is installed
  • OR libblkid1-32bit-2.19.1-6.62 is installed
  • OR libcom_err2-1.41.9-2.10.11 is installed
  • OR libcom_err2-32bit-1.41.9-2.10.11 is installed
  • OR libext2fs2-1.41.9-2.10.11 is installed
  • OR libuuid-devel-2.19.1-6.62 is installed
  • OR libuuid1-2.19.1-6.62 is installed
  • OR libuuid1-32bit-2.19.1-6.62 is installed
  • OR uuid-runtime-2.19.1-6.62 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • flash-player-11.2.202.481-0.8 is installed
  • OR flash-player-gnome-11.2.202.481-0.8 is installed
  • OR flash-player-kde4-11.2.202.481-0.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • xen-4.4.3_06-22.15 is installed
  • OR xen-kmp-default-4.4.3_06_k3.12.48_52.27-22.15 is installed
  • OR xen-libs-4.4.3_06-22.15 is installed
  • OR xen-libs-32bit-4.4.3_06-22.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • bind-9.9.6P1-32 is installed
  • OR bind-libs-9.9.6P1-32 is installed
  • OR bind-libs-32bit-9.9.6P1-32 is installed
  • OR bind-utils-9.9.6P1-32 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND wpa_supplicant-2.2-15.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libncurses5-5.9-50 is installed
  • OR libncurses5-32bit-5.9-50 is installed
  • OR libncurses6-5.9-50 is installed
  • OR libncurses6-32bit-5.9-50 is installed
  • OR ncurses-5.9-50 is installed
  • OR ncurses-devel-5.9-50 is installed
  • OR ncurses-utils-5.9-50 is installed
  • OR tack-5.9-50 is installed
  • OR terminfo-5.9-50 is installed
  • OR terminfo-base-5.9-50 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • bash-4.3-83.15 is installed
  • OR bash-doc-4.3-83.15 is installed
  • OR bash-lang-4.3-83.15 is installed
  • OR libreadline6-6.3-83.15 is installed
  • OR libreadline6-32bit-6.3-83.15 is installed
  • OR readline-doc-6.3-83.15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • bind-9.9.6P1-30 is installed
  • OR bind-chrootenv-9.9.6P1-30 is installed
  • OR bind-doc-9.9.6P1-30 is installed
  • OR bind-libs-9.9.6P1-30 is installed
  • OR bind-libs-32bit-9.9.6P1-30 is installed
  • OR bind-utils-9.9.6P1-30 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_40-default-5-4 is installed
  • OR kgraft-patch-3_12_74-60_64_40-xen-5-4 is installed
  • OR kgraft-patch-SLE12-SP1_Update_15-5-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cvs-1.12.12-181 is installed
  • OR cvs-doc-1.12.12-181 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • cups-filters-1.0.58-15.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-15.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-15.2 is installed
  • OR cups-filters-ghostscript-1.0.58-15.2 is installed
  • OR libqpdf18-7.1.1-3.3 is installed
  • OR qpdf-7.1.1-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • accountsservice-0.6.42-14 is installed
  • OR accountsservice-lang-0.6.42-14 is installed
  • OR libaccountsservice0-0.6.42-14 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • python-cffi-1.11.2-5.11 is installed
  • OR python-cryptography-2.1.4-7.28 is installed
  • OR python-xattr-0.7.5-6.3 is installed
  • OR python3-cffi-1.11.2-5.11 is installed
  • OR python3-cryptography-2.1.4-7.28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libseccomp-2.4.1-11.3 is installed
  • OR libseccomp2-2.4.1-11.3 is installed
  • OR libseccomp2-32bit-2.4.1-11.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libsolv-0.6.36-2.16 is installed
  • OR libsolv-tools-0.6.36-2.16 is installed
  • OR libzypp-16.20.0-2.39 is installed
  • OR perl-solv-0.6.36-2.16 is installed
  • OR python-solv-0.6.36-2.16 is installed
  • OR zypper-1.13.51-21.26 is installed
  • OR zypper-log-1.13.51-21.26 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libtiff5-4.0.9-44.21 is installed
  • OR libtiff5-32bit-4.0.9-44.21 is installed
  • OR tiff-4.0.9-44.21 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-translations-52.9.0esr-109.38 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • libsystemd0-234-24.39 is installed
  • OR libsystemd0-32bit-234-24.39 is installed
  • OR libudev-devel-234-24.39 is installed
  • OR libudev1-234-24.39 is installed
  • OR libudev1-32bit-234-24.39 is installed
  • OR systemd-234-24.39 is installed
  • OR systemd-32bit-234-24.39 is installed
  • OR systemd-bash-completion-234-24.39 is installed
  • OR systemd-container-234-24.39 is installed
  • OR systemd-coredump-234-24.39 is installed
  • OR systemd-devel-234-24.39 is installed
  • OR systemd-sysvinit-234-24.39 is installed
  • OR udev-234-24.39 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.28 is installed
  • OR kernel-default-extra-4.12.14-25.28 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-activesupport-4_2-4.2.2-2 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • MozillaFirefox-60.6.1esr-109.63 is installed
  • OR MozillaFirefox-devel-60.6.1esr-109.63 is installed
  • OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • galera-3-25.3.24-4.3 is installed
  • OR galera-3-wsrep-provider-25.3.24-4.3 is installed
  • OR libmariadb3-3.0.6-3.6 is installed
  • OR mariadb-10.2.21-4.8 is installed
  • OR mariadb-client-10.2.21-4.8 is installed
  • OR mariadb-connector-c-3.0.6-3.6 is installed
  • OR mariadb-errormessages-10.2.21-4.8 is installed
  • OR mariadb-galera-10.2.21-4.8 is installed
  • OR mariadb-tools-10.2.21-4.8 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Django1-1.11.23-3.9 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND nodejs6-6.14.4-11.18 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • openstack-manila-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-api-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-data-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-scheduler-7.3.1~dev15-4.18 is installed
  • OR openstack-manila-share-7.3.1~dev15-4.18 is installed
  • OR python-manila-7.3.1~dev15-4.18 is installed
  • BACK