ESB-2018.3507 - [Linux][SUSE] systemd: Multiple vulnerabilities 2018-11-08

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3507
             SUSE Security Update: Security update for systemd
                              8 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           systemd
Publisher:         SUSE
Operating System:  SUSE
                   Linux variants
Impact/Access:     Root Compromise   -- Remote/Unauthenticated
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-15688 CVE-2018-15686 

Reference:         ESB-2018.3465

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183644-1/

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than SUSE. It is recommended that administrators 
         running systemd check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3644-1
Rating:             important
References:         #1089761 #1090944 #1091677 #1093753 #1101040 
                    #1102908 #1105031 #1107640 #1107941 #1109197 
                    #1109252 #1110445 #1112024 #1113083 #1113632 
                    #1113665 #1114135 #991901 
Cross-References:   CVE-2018-15686 CVE-2018-15688
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves two vulnerabilities and has 16 fixes
   is now available.

Description:

   This update for systemd fixes the following issues:

   Security issues fixed:

   - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of
     systemd allowed a malicious dhcp6 server to overwrite heap memory in
     systemd-networkd. (bsc#1113632)
   - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an
     attacker to supply arbitrary state across systemd re-execution via
     NotifyAccess. This can be used to improperly influence systemd execution
     and possibly lead to root privilege escalation. (bsc#1113665)

   Non security issues fixed:

   - dhcp6: split assert_return() to be more debuggable when hit
   - core: skip unit deserialization and move to the next one when
     unit_deserialize() fails
   - core: properly handle deserialization of unknown unit types (#6476)
   - core: don't create Requires for workdir if "missing ok" (bsc#1113083)
   - logind: use manager_get_user_by_pid() where appropriate
   - logind: rework manager_get_{user|session}_by_pid() a bit
   - login: fix user@.service case, so we don't allow nested sessions (#8051)
     (bsc#1112024)
   - core: be more defensive if we can't determine per-connection socket peer
     (#7329)
   - core: introduce systemd.early_core_pattern= kernel cmdline option
   - core: add missing 'continue' statement
   - core/mount: fstype may be NULL
   - journald: don't ship systemd-journald-audit.socket (bsc#1109252)
   - core: make "tmpfs" dependencies on swapfs a "default" dep, not an
     "implicit" (bsc#1110445)
   - mount: make sure we unmount tmpfs mounts before we deactivate swaps
     (#7076)
   - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
   - emergency: make sure console password agents don't interfere with the
     emergency shell
   - man: document that 'nofail' also has an effect on ordering
   - journald: take leading spaces into account in syslog_parse_identifier
   - journal: do not remove multiple spaces after identifier in syslog message
   - syslog: fix segfault in syslog_parse_priority()
   - journal: fix syslog_parse_identifier()
   - install: drop left-over debug message (#6913)
   - Ship systemd-sysv-install helper via the main package This script was
     part of systemd-sysvinit sub-package but it was wrong since
     systemd-sysv-install is a script used to redirect enable/disable
     operations to chkconfig when the unit targets are sysv init scripts.
     Therefore it's never been a SySV init tool.
   - Add udev.no-partlabel-links kernel command-line option. This option can
     be used to disable the generation of the by-partlabel symlinks
     regardless of the name used. (bsc#1089761)
   - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
   - systemctl: load unit if needed in "systemctl is-active" (bsc#1102908)
   - core: don't freeze OnCalendar= timer units when the clock goes back a
     lot (bsc#1090944)
   - Enable or disable machines.target according to the presets (bsc#1107941)
   - cryptsetup: add support for sector-size= option (fate#325697)
   - nspawn: always use permission mode 555 for /sys (bsc#1107640)
   - Bugfix for a race condition between daemon-reload and other commands
     (bsc#1105031)
   - Fixes an issue where login with root credentials was not possible in
     init level 5 (bsc#1091677)
   - Fix an issue where services of type "notify" harmless DENIED log
     entries. (bsc#991901)
   - Does no longer adjust qgroups on existing subvolumes (bsc#1093753)
   - cryptsetup: add support for sector-size= option (#9936) (fate#325697
     bsc#1114135)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2595=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2595=1



Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      libsystemd0-mini-234-24.15.1
      libsystemd0-mini-debuginfo-234-24.15.1
      libudev-mini-devel-234-24.15.1
      libudev-mini1-234-24.15.1
      libudev-mini1-debuginfo-234-24.15.1
      nss-myhostname-234-24.15.1
      nss-myhostname-debuginfo-234-24.15.1
      nss-mymachines-234-24.15.1
      nss-mymachines-debuginfo-234-24.15.1
      nss-systemd-234-24.15.1
      nss-systemd-debuginfo-234-24.15.1
      systemd-debuginfo-234-24.15.1
      systemd-debugsource-234-24.15.1
      systemd-logger-234-24.15.1
      systemd-mini-234-24.15.1
      systemd-mini-container-mini-234-24.15.1
      systemd-mini-container-mini-debuginfo-234-24.15.1
      systemd-mini-coredump-mini-234-24.15.1
      systemd-mini-coredump-mini-debuginfo-234-24.15.1
      systemd-mini-debuginfo-234-24.15.1
      systemd-mini-debugsource-234-24.15.1
      systemd-mini-devel-234-24.15.1
      systemd-mini-sysvinit-234-24.15.1
      udev-mini-234-24.15.1
      udev-mini-debuginfo-234-24.15.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      systemd-mini-bash-completion-234-24.15.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libsystemd0-234-24.15.1
      libsystemd0-debuginfo-234-24.15.1
      libudev-devel-234-24.15.1
      libudev1-234-24.15.1
      libudev1-debuginfo-234-24.15.1
      systemd-234-24.15.1
      systemd-container-234-24.15.1
      systemd-container-debuginfo-234-24.15.1
      systemd-coredump-234-24.15.1
      systemd-coredump-debuginfo-234-24.15.1
      systemd-debuginfo-234-24.15.1
      systemd-debugsource-234-24.15.1
      systemd-devel-234-24.15.1
      systemd-sysvinit-234-24.15.1
      udev-234-24.15.1
      udev-debuginfo-234-24.15.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):

      systemd-bash-completion-234-24.15.1

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      libsystemd0-32bit-234-24.15.1
      libsystemd0-32bit-debuginfo-234-24.15.1
      libudev1-32bit-234-24.15.1
      libudev1-32bit-debuginfo-234-24.15.1
      systemd-32bit-234-24.15.1
      systemd-32bit-debuginfo-234-24.15.1


References:

   https://www.suse.com/security/cve/CVE-2018-15686.html
   https://www.suse.com/security/cve/CVE-2018-15688.html
   https://bugzilla.suse.com/1089761
   https://bugzilla.suse.com/1090944
   https://bugzilla.suse.com/1091677
   https://bugzilla.suse.com/1093753
   https://bugzilla.suse.com/1101040
   https://bugzilla.suse.com/1102908
   https://bugzilla.suse.com/1105031
   https://bugzilla.suse.com/1107640
   https://bugzilla.suse.com/1107941
   https://bugzilla.suse.com/1109197
   https://bugzilla.suse.com/1109252
   https://bugzilla.suse.com/1110445
   https://bugzilla.suse.com/1112024
   https://bugzilla.suse.com/1113083
   https://bugzilla.suse.com/1113632
   https://bugzilla.suse.com/1113665
   https://bugzilla.suse.com/1114135
   https://bugzilla.suse.com/991901

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW+OdAmaOgq3Tt24GAQgzYw/+KX98e5eV/iW+zGmhAw2ZpUilY2cDaJd4
BY/xPAqf536x7R74CDeRUvoQCHJJ1sqwW/OpBFKGvEbTqi6yeryfBHmsnv3jIwqM
JXvhGhRVoSZmps28Ilxl/A4h8+HVstowVL76Ofx6NiQw0rIVC6zUmk2iWG7/4s3v
gSDKn9FeiA9y2ujI+Yy6kUmlp0LwP38T8On1n+MeueqsSr1DdRv4c8TDWA40yM3s
T+8M487+uGdY3OAijCNg0iZuKEw+PnW9DrxU1VfEEcm8kiHhRx/lQ/DeDC9W9eTP
kzZuUh9P/O+f4kAvcLxuAZNsSctdhi21G2pyLywKprzIyNwzGXglks9HBRY41yjW
env5IjhG79ZHAQqXkZvghL0hSnGG6zM55s3CDtvOmrJ51YrVCCjWeT1ILQSigMbS
ra/D3sWcNmX30i1UpbXflanPzYyv9o7SRF4DU3hOKBMncLzSDpEIt7IAxRStcT7D
fa2QcQwyH86Ax5eYisybe7d/2l23MA+UL3HvLyH0WMH2W9R0Ycds2mT+Ge6fUNcu
VdJ9kwrxfYoRiMgsrlfB13tqXBHQOkJHeqOF4Sd9b3BnUm23UVBlPn6IUAItUhg5
lBxa8A32SptvWG4TiN/b86dUdtPOjVJjLldOT+0Yw+RTa2nUzwGmxplWfpzCIQZ3
4vSqarcJJzI=
=6rfc
-----END PGP SIGNATURE-----

« Back to bulletins