Oval Definition:	oval:org.opensuse.security:def:59769
Revision Date: 2021-07-21 Version: 1 Title: Security update for systemd (Important) Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Other fixes: - mount-util: shorten the loop a bit (#7545) - mount-util: do not use the official MAX_HANDLE_SZ (#7523) - mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) - mount-util: fix bad indenting - mount-util: EOVERFLOW might have other causes than buffer size issues - mount-util: fix error propagation in fd_fdinfo_mnt_id() - mount-util: drop exponential buffer growing in name_to_handle_at_loop() - udev: port udev_has_devtmpfs() to use path_get_mnt_id() - mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path - mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at() - mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) - basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo - sysusers: use the usual comment style - test/TEST-21-SYSUSERS: add tests for new functionality - sysusers: allow admin/runtime overrides to command-line config - basic/strv: add function to insert items at position - sysusers: allow the shell to be specified - sysusers: move various user credential validity checks to src/basic/ - man: reformat table in sysusers.d(5) - sysusers: take configuration as positional arguments - sysusers: emit a bit more info at debug level when locking fails - sysusers: allow force reusing existing user/group IDs (#8037) - sysusers: ensure GID in uid:gid syntax exists - sysusers: make ADD_GROUP always create a group - test: add TEST-21-SYSUSERS test - sysuser: use OrderedHashmap - sysusers: allow uid:gid in sysusers.conf files - sysusers: fix memleak (#4430) - These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - systemctl: add --value option - execute: make sure to call into PAM after initializing resource limits (bsc#1184967) - rlimit-util: introduce setrlimit_closest_all() - system-conf: drop reference to ShutdownWatchdogUsec= - core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331) - Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046) - rules: don't ignore Xen virtual interfaces anymore (bsc#1178561) - write_net_rules: set execute bits (bsc#1178561) - udev: rework network device renaming - Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' Family: unix Class: patch Status: Reference(s): 1012382 1019695 1019699 1022604 1031717 1040311 1040312 1040313 1046610 1050577 1050578 1050579 1050581 1055960 1060799 1064206 1068032 1068565 1073059 1073069 1075428 1076033 1077560 1078677 1082216 1082233 1082234 1082480 1082481 1083574 1083745 1083836 1084223 1084310 1084328 1084353 1084452 1084610 1084699 1084829 1084889 1084898 1084914 1084918 1084967 1085042 1085058 1085224 1085383 1085402 1085404 1085487 1085507 1085511 1085679 1085981 1086015 1086162 1086194 1086357 1086499 1086518 1086607 1087088 1087211 1087231 1087260 1087274 1087659 1087845 1087906 1087999 1088050 1088087 1088200 1088241 1088267 1088313 1088324 1088600 1088684 1088871 1096718 1097356 1100365 1111331 1122293 1122299 1132665 1132728 1132729 1132732 1134297 1158328 1164692 1166238 1169511 1172140 1172437 1174633 1174635 1174638 1178561 1184761 1184967 1185046 1185331 1185807 1188063 802154 CVE-2013-4238 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-15706 CVE-2017-18257 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 CVE-2018-1091 CVE-2018-11212 CVE-2018-12015 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-1304 CVE-2018-1305 CVE-2018-14348 CVE-2018-5848 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 CVE-2018-7740 CVE-2018-8043 CVE-2018-8822 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 CVE-2019-11091 CVE-2019-11745 CVE-2019-13722 CVE-2019-15666 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 CVE-2019-20503 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 CVE-2020-10757 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-1938 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2021-33910 SUSE-SU-2018:0817-1 SUSE-SU-2018:0981-1 SUSE-SU-2018:1048-1 SUSE-SU-2018:2468-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1571-1 SUSE-SU-2020:2331-1 SUSE-SU-2021:2423-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information avahi-0.6.32-lp150.3 is installed OR avahi-lang-0.6.32-lp150.3 is installed OR libavahi-client3-0.6.32-lp150.3 is installed OR libavahi-common3-0.6.32-lp150.3 is installed OR libavahi-core7-0.6.32-lp150.3 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libopenssl-1_0_0-devel-1.0.2p-lp151.5.3 is installed OR libopenssl-1_0_0-devel-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-32bit-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-1.0.2p-lp151.5.3 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-cavs-1.0.2p-lp151.5.3 is installed OR openssl-1_0_0-doc-1.0.2p-lp151.5.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information perl-5.18.2-12.14 is installed OR perl-32bit-5.18.2-12.14 is installed OR perl-base-5.18.2-12.14 is installed OR perl-doc-5.18.2-12.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information python-2.7.13-27 is installed OR python-32bit-2.7.13-27 is installed OR python-curses-2.7.13-27 is installed OR python-demo-2.7.13-27 is installed OR python-gdbm-2.7.13-27 is installed OR python-idle-2.7.13-27 is installed OR python-tk-2.7.13-27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND permissions-2015.09.28.1626-17.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_103-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_28-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_103-default-2-2 is installed OR kgraft-patch-SLE12-SP3_Update_28-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND shadow-4.2.1-27.19 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache2-mod_apparmor-2.8.2-49 is installed OR apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information libsystemd0-228-150.98.1 is installed OR libsystemd0-32bit-228-150.98.1 is installed OR libudev-devel-228-150.98.1 is installed OR libudev1-228-150.98.1 is installed OR libudev1-32bit-228-150.98.1 is installed OR systemd-228-150.98.1 is installed OR systemd-32bit-228-150.98.1 is installed OR systemd-bash-completion-228-150.98.1 is installed OR systemd-devel-228-150.98.1 is installed OR systemd-sysvinit-228-150.98.1 is installed OR udev-228-150.98.1 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information java-1_7_0-openjdk-1.7.0.261-43.38 is installed OR java-1_7_0-openjdk-demo-1.7.0.261-43.38 is installed OR java-1_7_0-openjdk-devel-1.7.0.261-43.38 is installed OR java-1_7_0-openjdk-headless-1.7.0.261-43.38 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed OR libwebkit2gtk3-lang-2.28.3-2.56 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed OR webkit2gtk3-2.28.3-2.56 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information xorg-x11-server-7.6_1.18.3-76.26 is installed OR xorg-x11-server-extra-7.6_1.18.3-76.26 is installed
BACK