OVAL Reference oval:org.opensuse.security:def:56698

Oval Definition:

oval:org.opensuse.security:def:56698

Revision Date:	2020-12-01	Version:	1
Title:	Security update for systemd (Moderate)
Description:	This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed: - core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588) - Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com - Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr. - Enable systemd-networkd on Leap distros only (bsc#1071311)
Family:	unix	Class:	patch
Status:		Reference(s):	1035283 1040662 1049423 1052448 1052449 1052466 1053153 1057974 1068588 1068664 1069708 1071224 1071311 1075801 1076017 1077732 1077925 1079300 1083488 1085114 1085447 1104301 1106989 1106996 1107609 1120114 1120115 1120116 1120117 1120118 1120119 1120120 1120121 1120122 1120381 1122033 1124365 1124366 1124368 1125330 1127987 1128649 1129821 1130262 1130324 1130330 1131317 1132053 1132054 1132060 979475 982575 982745 983249 983273 987394 988591 990419 993819 994749 994844 995075 995324 995359 995377 998190 999665 999666 999668 CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2014-8169 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2015-8899 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6153 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2017-1000158 CVE-2017-10661 CVE-2017-10971 CVE-2017-10972 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-13166 CVE-2017-16939 CVE-2017-18078 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 CVE-2018-1000004 CVE-2018-1000030 CVE-2018-1068 CVE-2018-15126 CVE-2018-15127 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20467 CVE-2018-5383 CVE-2018-6307 CVE-2018-7566 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-5785 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2019-9924 CVE-2019-9956 SUSE-SU-2016:1945-1 SUSE-SU-2016:2394-1 SUSE-SU-2016:3269-1 SUSE-SU-2017:1859-1 SUSE-SU-2017:3313-1 SUSE-SU-2018:0255-1 SUSE-SU-2018:0546-1 SUSE-SU-2018:1018-1 SUSE-SU-2018:1372-1 SUSE-SU-2019:0060-1 SUSE-SU-2019:0466-1 SUSE-SU-2019:0838-2 SUSE-SU-2019:0852-1 SUSE-SU-2019:1033-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information MozillaThunderbird-52.7-lp150.2 is installed OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libsass-3.6.1-lp151.3.3 is installed OR libsass-3_6_1-1-3.6.1-lp151.3.3 is installed OR libsass-devel-3.6.1-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libsystemd0-228-150.32 is installed OR libsystemd0-32bit-228-150.32 is installed OR libudev1-228-150.32 is installed OR libudev1-32bit-228-150.32 is installed OR systemd-228-150.32 is installed OR systemd-32bit-228-150.32 is installed OR systemd-bash-completion-228-150.32 is installed OR systemd-sysvinit-228-150.32 is installed OR udev-228-150.32 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libsqlite3-0-3.8.10.2-3 is installed OR libsqlite3-0-32bit-3.8.10.2-3 is installed OR sqlite3-3.8.10.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xorg-x11-server-7.6_1.15.2-53.3 is installed OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND autofs-5.0.9-21 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.6_05-43.42 is installed OR xen-doc-html-4.7.6_05-43.42 is installed OR xen-libs-4.7.6_05-43.42 is installed OR xen-libs-32bit-4.7.6_05-43.42 is installed OR xen-tools-4.7.6_05-43.42 is installed OR xen-tools-domU-4.7.6_05-43.42 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_45-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_14-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information automake-1.13.4-6 is installed OR m4-1.4.16-15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND binutils-2.32-9.33 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information postgresql96-9.6.15-3.29 is installed OR postgresql96-contrib-9.6.15-3.29 is installed OR postgresql96-docs-9.6.15-3.29 is installed OR postgresql96-libs-9.6.15-3.29 is installed OR postgresql96-plperl-9.6.15-3.29 is installed OR postgresql96-plpython-9.6.15-3.29 is installed OR postgresql96-pltcl-9.6.15-3.29 is installed OR postgresql96-server-9.6.15-3.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND binutils-2.32-9.33 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information jakarta-taglibs-standard-1.1.1-255 is installed OR jakarta-taglibs-standard-javadoc-1.1.1-255 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND clamav-0.99.3-33.5 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information ImageMagick-6.8.8.1-71.108 is installed OR ImageMagick-config-6-SUSE-6.8.8.1-71.108 is installed OR ImageMagick-config-6-upstream-6.8.8.1-71.108 is installed OR libMagickCore-6_Q16-1-6.8.8.1-71.108 is installed OR libMagickWand-6_Q16-1-6.8.8.1-71.108 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information dnsmasq-2.78-18.6 is installed OR dnsmasq-utils-2.78-18.6 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND haproxy-1.6.11-11.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kernel-default-4.4.180-94.121 is installed OR kernel-default-base-4.4.180-94.121 is installed OR kernel-default-devel-4.4.180-94.121 is installed OR kernel-default-kgraft-4.4.180-94.121 is installed OR kernel-devel-4.4.180-94.121 is installed OR kernel-macros-4.4.180-94.121 is installed OR kernel-source-4.4.180-94.121 is installed OR kernel-syms-4.4.180-94.121 is installed OR kgraft-patch-4_4_180-94_121-default-1-4.5 is installed OR kgraft-patch-SLE12-SP3_Update_32-1-4.5 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1582892022.cbd70e833-3.19 is installed OR crowbar-core-branding-upstream-6.0+git.1582892022.cbd70e833-3.19 is installed OR crowbar-ha-6.0+git.1574286261.6fd1a34-3.13 is installed OR crowbar-openstack-6.0+git.1580922461.67fb3c087-3.19 is installed OR crowbar-ui-1.3.0+git.1575896697.a01a3a08-17 is installed OR keepalived-2.0.19-3.3 is installed OR openstack-barbican-7.0.1~dev24-3.6 is installed OR openstack-barbican-api-7.0.1~dev24-3.6 is installed OR openstack-barbican-keystone-listener-7.0.1~dev24-3.6 is installed OR openstack-barbican-retry-7.0.1~dev24-3.6 is installed OR openstack-barbican-worker-7.0.1~dev24-3.6 is installed OR openstack-ceilometer-11.0.2~dev21-3.10 is installed OR openstack-ceilometer-agent-central-11.0.2~dev21-3.10 is installed OR openstack-ceilometer-agent-compute-11.0.2~dev21-3.10 is installed OR openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10 is installed OR openstack-ceilometer-agent-notification-11.0.2~dev21-3.10 is installed OR openstack-ceilometer-polling-11.0.2~dev21-3.10 is installed OR openstack-cinder-13.0.9~dev11-3.16 is installed OR openstack-cinder-api-13.0.9~dev11-3.16 is installed OR openstack-cinder-backup-13.0.9~dev11-3.16 is installed OR openstack-cinder-scheduler-13.0.9~dev11-3.16 is installed OR openstack-cinder-volume-13.0.9~dev11-3.16 is installed OR openstack-dashboard-14.1.1~dev1-3.12 is installed OR openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3 is installed OR openstack-designate-7.0.1~dev23-3.13 is installed OR openstack-designate-agent-7.0.1~dev23-3.13 is installed OR openstack-designate-api-7.0.1~dev23-3.13 is installed OR openstack-designate-central-7.0.1~dev23-3.13 is installed OR openstack-designate-producer-7.0.1~dev23-3.13 is installed OR openstack-designate-sink-7.0.1~dev23-3.13 is installed OR openstack-designate-worker-7.0.1~dev23-3.13 is installed OR openstack-heat-11.0.3~dev31-3.13 is installed OR openstack-heat-api-11.0.3~dev31-3.13 is installed OR openstack-heat-api-cfn-11.0.3~dev31-3.13 is installed OR openstack-heat-engine-11.0.3~dev31-3.13 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13 is installed OR openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6 is installed OR openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3 is installed OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11 is installed OR openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3 is installed OR openstack-ironic-11.1.4~dev22-3.13 is installed OR openstack-ironic-api-11.1.4~dev22-3.13 is installed OR openstack-ironic-conductor-11.1.4~dev22-3.13 is installed OR openstack-ironic-python-agent-3.3.3~dev6-3.13 is installed OR openstack-keystone-14.1.1~dev36-3.19 is installed OR openstack-magnum-7.2.1~dev1-3.10 is installed OR openstack-magnum-api-7.2.1~dev1-3.10 is installed OR openstack-magnum-conductor-7.2.1~dev1-3.10 is installed OR openstack-monasca-agent-2.8.1~dev13-3.6 is installed OR openstack-neutron-13.0.7~dev48-3.19 is installed OR openstack-neutron-dhcp-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-fwaas-13.0.3~dev4-3.9 is installed OR openstack-neutron-gbp-5.0.1~dev491-3.16 is installed OR openstack-neutron-ha-tool-13.0.7~dev48-3.19 is installed OR openstack-neutron-l3-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-macvtap-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-metadata-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-metering-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19 is installed OR openstack-neutron-server-13.0.7~dev48-3.19 is installed OR openstack-neutron-vpnaas-13.0.2~dev6-3.6 is installed OR openstack-neutron-vyatta-agent-13.0.2~dev6-3.6 is installed OR openstack-nova-18.2.4~dev63-3.19 is installed OR openstack-nova-api-18.2.4~dev63-3.19 is installed OR openstack-nova-cells-18.2.4~dev63-3.19 is installed OR openstack-nova-compute-18.2.4~dev63-3.19 is installed OR openstack-nova-conductor-18.2.4~dev63-3.19 is installed OR openstack-nova-console-18.2.4~dev63-3.19 is installed OR openstack-nova-novncproxy-18.2.4~dev63-3.19 is installed OR openstack-nova-placement-api-18.2.4~dev63-3.19 is installed OR openstack-nova-scheduler-18.2.4~dev63-3.19 is installed OR openstack-nova-serialproxy-18.2.4~dev63-3.19 is installed OR openstack-nova-vncproxy-18.2.4~dev63-3.19 is installed OR openstack-octavia-3.2.2~dev8-3.19 is installed OR openstack-octavia-amphora-agent-3.2.2~dev8-3.19 is installed OR openstack-octavia-amphora-image-0.1.2-7.6 is installed OR openstack-octavia-amphora-image-x86_64-0.1.2-7.6 is installed OR openstack-octavia-api-3.2.2~dev8-3.19 is installed OR openstack-octavia-health-manager-3.2.2~dev8-3.19 is installed OR openstack-octavia-housekeeping-3.2.2~dev8-3.19 is installed OR openstack-octavia-worker-3.2.2~dev8-3.19 is installed OR openstack-sahara-9.0.2~dev15-3.9 is installed OR openstack-sahara-api-9.0.2~dev15-3.9 is installed OR openstack-sahara-engine-9.0.2~dev15-3.9 is installed OR openstack-swift-2.19.2~dev48-3.3 is installed OR openstack-swift-account-2.19.2~dev48-3.3 is installed OR openstack-swift-container-2.19.2~dev48-3.3 is installed OR openstack-swift-object-2.19.2~dev48-3.3 is installed OR openstack-swift-proxy-2.19.2~dev48-3.3 is installed OR python-amqp-2.4.2-4.3 is installed OR python-barbican-7.0.1~dev24-3.6 is installed OR python-ceilometer-11.0.2~dev21-3.10 is installed OR python-cinder-13.0.9~dev11-3.16 is installed OR python-designate-7.0.1~dev23-3.13 is installed OR python-heat-11.0.3~dev31-3.13 is installed OR python-horizon-14.1.1~dev1-3.12 is installed OR python-horizon-plugin-designate-ui-7.0.1~dev8-3.6 is installed OR python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3 is installed OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11 is installed OR python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3 is installed OR python-ironic-11.1.4~dev22-3.13 is installed OR python-ironic-lib-2.14.2-3.3 is installed OR python-keystone-14.1.1~dev36-3.19 is installed OR python-keystoneauth1-3.10.1~dev10-3.3 is installed OR python-keystoneclient-3.17.1~dev5-3.3 is installed OR python-keystoneclient-doc-3.17.1~dev5-3.3 is installed OR python-keystonemiddleware-5.2.2~dev3-14 is installed OR python-magnum-7.2.1~dev1-3.10 is installed OR python-monasca-agent-2.8.1~dev13-3.6 is installed OR python-neutron-13.0.7~dev48-3.19 is installed OR python-neutron-fwaas-13.0.3~dev4-3.9 is installed OR python-neutron-gbp-5.0.1~dev491-3.16 is installed OR python-neutron-vpnaas-13.0.2~dev6-3.6 is installed OR python-nova-18.2.4~dev63-3.19 is installed OR python-octavia-3.2.2~dev8-3.19 is installed OR python-openstack_auth-14.1.1~dev1-3.12 is installed OR python-ovs-2.9.0-3.3 is installed OR python-sahara-9.0.2~dev15-3.9 is installed OR python-swift-2.19.2~dev48-3.3 is installed OR ruby2.1-rubygem-crowbar-client-3.9.1-3.3 is installed OR ruby2.1-rubygem-puma-2.16.0-4.3 is installed OR rubygem-crowbar-client-3.9.1-3.3 is installed OR rubygem-puma-2.16.0-4.3 is installed OR supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6 is installed

BACK