SUSE-SU-2020:0331-1

UNKNOWN

Security update for systemd

Published Mar 18, 2020

Modified 5 years ago

Fix available

Details

This update for systemd fixes the following issues:

CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.
Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459)
Fix warnings thrown during package installation. (bsc#1154043)
Fix for system-udevd prevent crash within OES2018. (bsc#1151506)
Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
Wait for workers to finish when exiting. (bsc#1106383)
Improve log message when inotify limit is reached. (bsc#1155574)
Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

Affected Packages(11 packages)

libsystemd0

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

libsystemd0-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

libudev-devel

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server 12 SP4

Fixed in:

228-150.82.1

libudev1

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

libudev1-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

systemd

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

systemd-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

systemd-bash-completion

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

systemd-sysvinit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

udev

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

228-150.82.1

References

https://bugzilla.suse.com/1106383

https://bugzilla.suse.com/1133495

https://bugzilla.suse.com/1139459

https://bugzilla.suse.com/1151377

https://bugzilla.suse.com/1151506

https://bugzilla.suse.com/1154043

https://bugzilla.suse.com/1155574

https://bugzilla.suse.com/1156482

https://bugzilla.suse.com/1159814

https://bugzilla.suse.com/1162108

https://www.suse.com/security/cve/CVE-2020-1712

https://www.suse.com/support/update/announcement/2020/suse-su-20200331-1/

Upstream

Related

Ecosystems(15)

SUSE Enterprise Storage 5 SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS

Timeline

PublishedMar 18, 2020

ModifiedMar 18, 2020

SUSE-SU-2020:0331-1 | Mondoo Vulnerability Intelligence