Oval Definition:oval:org.opensuse.security:def:84761
Revision Date:2017-08-03Version:1
Title:Security update for systemd (Moderate)
Description:

This update for systemd provides several fixes and enhancements.

Security issues fixed:

- CVE-2017-9217: Null pointer dereferencing that could lead to resolved aborting. (bsc#1040614) - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. (bsc#1045290)

The update also fixed several non-security bugs:

- core/mount: Use the '-c' flag to not canonicalize paths when calling /bin/umount - automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942) - automount: Rework propagation between automount and mount units - build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary - build: Fix systemd-journal-upload installation - basic: Detect XEN Dom0 as no virtualization (bsc#1036873) - virt: Make sure some errors are not ignored - fstab-generator: Do not skip Before= ordering for noauto mountpoints - fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995) - fstab-generator: Apply the _netdev option also to device units (bsc#1004995) - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995) - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995) - rules: Export NVMe WWID udev attribute (bsc#1038865) - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives - rules: Add rules for NVMe devices - sysusers: Make group shadow support configurable (bsc#1029516) - core: When deserializing a unit, fully restore its cgroup state (bsc#1029102) - core: Introduce cg_mask_from_string()/cg_mask_to_string() - core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258) - Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files. - Disable group shadow support (bsc#1029516) - Only check signature job error if signature job exists (bsc#1043758) - Automounter issue in combination with NFS volumes (bsc#1040968) - Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153) - Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750)
Family:unixClass:patch
Status:Reference(s):1004995
1029102
1029516
1032029
1033238
1036873
1037120
1038865
1040153
1040258
1040614
1040942
1040968
1043758
1043900
1045290
1046750
982303
986216
CVE-2017-9217
CVE-2017-9445
SUSE-SU-2017:2031-1
Platform(s):SUSE Linux Enterprise Server 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libsystemd0-228-150.9.3 is installed
  • OR libsystemd0-32bit-228-150.9.3 is installed
  • OR libudev1-228-150.9.3 is installed
  • OR libudev1-32bit-228-150.9.3 is installed
  • OR systemd-228-150.9.3 is installed
  • OR systemd-32bit-228-150.9.3 is installed
  • OR systemd-bash-completion-228-150.9.3 is installed
  • OR systemd-sysvinit-228-150.9.3 is installed
  • OR udev-228-150.9.3 is installed
    • BACK