Oval Definition:oval:org.opensuse.security:def:56698
Revision Date:2020-12-01Version:1
Title:Security update for systemd (Moderate)
Description:



This update for systemd fixes the following issues:

Security issue fixed:

- CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925)

Non Security issues fixed:

- core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588)

- Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com

- Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr.

- Enable systemd-networkd on Leap distros only (bsc#1071311)

Family:unixClass:patch
Status:Reference(s):1035283
1040662
1049423
1052448
1052449
1052466
1053153
1057974
1068588
1068664
1069708
1071224
1071311
1075801
1076017
1077732
1077925
1079300
1083488
1085114
1085447
1104301
1106989
1106996
1107609
1120114
1120115
1120116
1120117
1120118
1120119
1120120
1120121
1120122
1120381
1122033
1124365
1124366
1124368
1125330
1127987
1128649
1129821
1130262
1130324
1130330
1131317
1132053
1132054
1132060
979475
982575
982745
983249
983273
987394
988591
990419
993819
994749
994844
995075
995324
995359
995377
998190
999665
999666
999668
CVE-2009-0945
CVE-2011-3193
CVE-2011-3922
CVE-2012-4929
CVE-2012-6093
CVE-2013-0254
CVE-2013-4549
CVE-2014-0190
CVE-2014-8169
CVE-2015-0295
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
CVE-2015-8899
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-6153
CVE-2016-6302
CVE-2016-6303
CVE-2016-6304
CVE-2016-6306
CVE-2017-1000158
CVE-2017-10661
CVE-2017-10971
CVE-2017-10972
CVE-2017-11423
CVE-2017-12374
CVE-2017-12375
CVE-2017-12376
CVE-2017-12377
CVE-2017-12378
CVE-2017-12379
CVE-2017-12380
CVE-2017-13166
CVE-2017-16939
CVE-2017-18078
CVE-2017-6418
CVE-2017-6419
CVE-2017-6420
CVE-2018-1000004
CVE-2018-1000030
CVE-2018-1068
CVE-2018-15126
CVE-2018-15127
CVE-2018-16412
CVE-2018-16413
CVE-2018-16644
CVE-2018-18335
CVE-2018-18356
CVE-2018-18506
CVE-2018-20019
CVE-2018-20020
CVE-2018-20021
CVE-2018-20022
CVE-2018-20023
CVE-2018-20024
CVE-2018-20467
CVE-2018-5383
CVE-2018-6307
CVE-2018-7566
CVE-2019-10650
CVE-2019-11007
CVE-2019-11008
CVE-2019-11009
CVE-2019-5785
CVE-2019-7175
CVE-2019-7395
CVE-2019-7397
CVE-2019-7398
CVE-2019-9788
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9801
CVE-2019-9810
CVE-2019-9813
CVE-2019-9924
CVE-2019-9956
SUSE-SU-2016:1945-1
SUSE-SU-2016:2394-1
SUSE-SU-2016:3269-1
SUSE-SU-2017:1859-1
SUSE-SU-2017:3313-1
SUSE-SU-2018:0255-1
SUSE-SU-2018:0546-1
SUSE-SU-2018:1018-1
SUSE-SU-2018:1372-1
SUSE-SU-2019:0060-1
SUSE-SU-2019:0466-1
SUSE-SU-2019:0838-2
SUSE-SU-2019:0852-1
SUSE-SU-2019:1033-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaThunderbird-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libsass-3.6.1-lp151.3.3 is installed
  • OR libsass-3_6_1-1-3.6.1-lp151.3.3 is installed
  • OR libsass-devel-3.6.1-lp151.3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libsystemd0-228-150.32 is installed
  • OR libsystemd0-32bit-228-150.32 is installed
  • OR libudev1-228-150.32 is installed
  • OR libudev1-32bit-228-150.32 is installed
  • OR systemd-228-150.32 is installed
  • OR systemd-32bit-228-150.32 is installed
  • OR systemd-bash-completion-228-150.32 is installed
  • OR systemd-sysvinit-228-150.32 is installed
  • OR udev-228-150.32 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libsqlite3-0-3.8.10.2-3 is installed
  • OR libsqlite3-0-32bit-3.8.10.2-3 is installed
  • OR sqlite3-3.8.10.2-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • xorg-x11-server-7.6_1.15.2-53.3 is installed
  • OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND autofs-5.0.9-21 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • xen-4.7.6_05-43.42 is installed
  • OR xen-doc-html-4.7.6_05-43.42 is installed
  • OR xen-libs-4.7.6_05-43.42 is installed
  • OR xen-libs-32bit-4.7.6_05-43.42 is installed
  • OR xen-tools-4.7.6_05-43.42 is installed
  • OR xen-tools-domU-4.7.6_05-43.42 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_90-92_45-default-7-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_14-7-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • automake-1.13.4-6 is installed
  • OR m4-1.4.16-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND binutils-2.32-9.33 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • postgresql96-9.6.15-3.29 is installed
  • OR postgresql96-contrib-9.6.15-3.29 is installed
  • OR postgresql96-docs-9.6.15-3.29 is installed
  • OR postgresql96-libs-9.6.15-3.29 is installed
  • OR postgresql96-plperl-9.6.15-3.29 is installed
  • OR postgresql96-plpython-9.6.15-3.29 is installed
  • OR postgresql96-pltcl-9.6.15-3.29 is installed
  • OR postgresql96-server-9.6.15-3.29 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND binutils-2.32-9.33 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • jakarta-taglibs-standard-1.1.1-255 is installed
  • OR jakarta-taglibs-standard-javadoc-1.1.1-255 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND clamav-0.99.3-33.5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-71.108 is installed
  • OR ImageMagick-config-6-SUSE-6.8.8.1-71.108 is installed
  • OR ImageMagick-config-6-upstream-6.8.8.1-71.108 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-71.108 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-71.108 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • dnsmasq-2.78-18.6 is installed
  • OR dnsmasq-utils-2.78-18.6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND haproxy-1.6.11-11.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.121 is installed
  • OR kernel-default-base-4.4.180-94.121 is installed
  • OR kernel-default-devel-4.4.180-94.121 is installed
  • OR kernel-default-kgraft-4.4.180-94.121 is installed
  • OR kernel-devel-4.4.180-94.121 is installed
  • OR kernel-macros-4.4.180-94.121 is installed
  • OR kernel-source-4.4.180-94.121 is installed
  • OR kernel-syms-4.4.180-94.121 is installed
  • OR kgraft-patch-4_4_180-94_121-default-1-4.5 is installed
  • OR kgraft-patch-SLE12-SP3_Update_32-1-4.5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1582892022.cbd70e833-3.19 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1582892022.cbd70e833-3.19 is installed
  • OR crowbar-ha-6.0+git.1574286261.6fd1a34-3.13 is installed
  • OR crowbar-openstack-6.0+git.1580922461.67fb3c087-3.19 is installed
  • OR crowbar-ui-1.3.0+git.1575896697.a01a3a08-17 is installed
  • OR keepalived-2.0.19-3.3 is installed
  • OR openstack-barbican-7.0.1~dev24-3.6 is installed
  • OR openstack-barbican-api-7.0.1~dev24-3.6 is installed
  • OR openstack-barbican-keystone-listener-7.0.1~dev24-3.6 is installed
  • OR openstack-barbican-retry-7.0.1~dev24-3.6 is installed
  • OR openstack-barbican-worker-7.0.1~dev24-3.6 is installed
  • OR openstack-ceilometer-11.0.2~dev21-3.10 is installed
  • OR openstack-ceilometer-agent-central-11.0.2~dev21-3.10 is installed
  • OR openstack-ceilometer-agent-compute-11.0.2~dev21-3.10 is installed
  • OR openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10 is installed
  • OR openstack-ceilometer-agent-notification-11.0.2~dev21-3.10 is installed
  • OR openstack-ceilometer-polling-11.0.2~dev21-3.10 is installed
  • OR openstack-cinder-13.0.9~dev11-3.16 is installed
  • OR openstack-cinder-api-13.0.9~dev11-3.16 is installed
  • OR openstack-cinder-backup-13.0.9~dev11-3.16 is installed
  • OR openstack-cinder-scheduler-13.0.9~dev11-3.16 is installed
  • OR openstack-cinder-volume-13.0.9~dev11-3.16 is installed
  • OR openstack-dashboard-14.1.1~dev1-3.12 is installed
  • OR openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3 is installed
  • OR openstack-designate-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-agent-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-api-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-central-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-producer-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-sink-7.0.1~dev23-3.13 is installed
  • OR openstack-designate-worker-7.0.1~dev23-3.13 is installed
  • OR openstack-heat-11.0.3~dev31-3.13 is installed
  • OR openstack-heat-api-11.0.3~dev31-3.13 is installed
  • OR openstack-heat-api-cfn-11.0.3~dev31-3.13 is installed
  • OR openstack-heat-engine-11.0.3~dev31-3.13 is installed
  • OR openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13 is installed
  • OR openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6 is installed
  • OR openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3 is installed
  • OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11 is installed
  • OR openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3 is installed
  • OR openstack-ironic-11.1.4~dev22-3.13 is installed
  • OR openstack-ironic-api-11.1.4~dev22-3.13 is installed
  • OR openstack-ironic-conductor-11.1.4~dev22-3.13 is installed
  • OR openstack-ironic-python-agent-3.3.3~dev6-3.13 is installed
  • OR openstack-keystone-14.1.1~dev36-3.19 is installed
  • OR openstack-magnum-7.2.1~dev1-3.10 is installed
  • OR openstack-magnum-api-7.2.1~dev1-3.10 is installed
  • OR openstack-magnum-conductor-7.2.1~dev1-3.10 is installed
  • OR openstack-monasca-agent-2.8.1~dev13-3.6 is installed
  • OR openstack-neutron-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-dhcp-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-fwaas-13.0.3~dev4-3.9 is installed
  • OR openstack-neutron-gbp-5.0.1~dev491-3.16 is installed
  • OR openstack-neutron-ha-tool-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-l3-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-macvtap-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-metadata-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-metering-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-server-13.0.7~dev48-3.19 is installed
  • OR openstack-neutron-vpnaas-13.0.2~dev6-3.6 is installed
  • OR openstack-neutron-vyatta-agent-13.0.2~dev6-3.6 is installed
  • OR openstack-nova-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-api-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-cells-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-compute-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-conductor-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-console-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-novncproxy-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-placement-api-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-scheduler-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-serialproxy-18.2.4~dev63-3.19 is installed
  • OR openstack-nova-vncproxy-18.2.4~dev63-3.19 is installed
  • OR openstack-octavia-3.2.2~dev8-3.19 is installed
  • OR openstack-octavia-amphora-agent-3.2.2~dev8-3.19 is installed
  • OR openstack-octavia-amphora-image-0.1.2-7.6 is installed
  • OR openstack-octavia-amphora-image-x86_64-0.1.2-7.6 is installed
  • OR openstack-octavia-api-3.2.2~dev8-3.19 is installed
  • OR openstack-octavia-health-manager-3.2.2~dev8-3.19 is installed
  • OR openstack-octavia-housekeeping-3.2.2~dev8-3.19 is installed
  • OR openstack-octavia-worker-3.2.2~dev8-3.19 is installed
  • OR openstack-sahara-9.0.2~dev15-3.9 is installed
  • OR openstack-sahara-api-9.0.2~dev15-3.9 is installed
  • OR openstack-sahara-engine-9.0.2~dev15-3.9 is installed
  • OR openstack-swift-2.19.2~dev48-3.3 is installed
  • OR openstack-swift-account-2.19.2~dev48-3.3 is installed
  • OR openstack-swift-container-2.19.2~dev48-3.3 is installed
  • OR openstack-swift-object-2.19.2~dev48-3.3 is installed
  • OR openstack-swift-proxy-2.19.2~dev48-3.3 is installed
  • OR python-amqp-2.4.2-4.3 is installed
  • OR python-barbican-7.0.1~dev24-3.6 is installed
  • OR python-ceilometer-11.0.2~dev21-3.10 is installed
  • OR python-cinder-13.0.9~dev11-3.16 is installed
  • OR python-designate-7.0.1~dev23-3.13 is installed
  • OR python-heat-11.0.3~dev31-3.13 is installed
  • OR python-horizon-14.1.1~dev1-3.12 is installed
  • OR python-horizon-plugin-designate-ui-7.0.1~dev8-3.6 is installed
  • OR python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3 is installed
  • OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11 is installed
  • OR python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3 is installed
  • OR python-ironic-11.1.4~dev22-3.13 is installed
  • OR python-ironic-lib-2.14.2-3.3 is installed
  • OR python-keystone-14.1.1~dev36-3.19 is installed
  • OR python-keystoneauth1-3.10.1~dev10-3.3 is installed
  • OR python-keystoneclient-3.17.1~dev5-3.3 is installed
  • OR python-keystoneclient-doc-3.17.1~dev5-3.3 is installed
  • OR python-keystonemiddleware-5.2.2~dev3-14 is installed
  • OR python-magnum-7.2.1~dev1-3.10 is installed
  • OR python-monasca-agent-2.8.1~dev13-3.6 is installed
  • OR python-neutron-13.0.7~dev48-3.19 is installed
  • OR python-neutron-fwaas-13.0.3~dev4-3.9 is installed
  • OR python-neutron-gbp-5.0.1~dev491-3.16 is installed
  • OR python-neutron-vpnaas-13.0.2~dev6-3.6 is installed
  • OR python-nova-18.2.4~dev63-3.19 is installed
  • OR python-octavia-3.2.2~dev8-3.19 is installed
  • OR python-openstack_auth-14.1.1~dev1-3.12 is installed
  • OR python-ovs-2.9.0-3.3 is installed
  • OR python-sahara-9.0.2~dev15-3.9 is installed
  • OR python-swift-2.19.2~dev48-3.3 is installed
  • OR ruby2.1-rubygem-crowbar-client-3.9.1-3.3 is installed
  • OR ruby2.1-rubygem-puma-2.16.0-4.3 is installed
  • OR rubygem-crowbar-client-3.9.1-3.3 is installed
  • OR rubygem-puma-2.16.0-4.3 is installed
  • OR supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6 is installed
  • BACK