-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3507
              SUSE Security Update: Security update for systemd
                               8 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           systemd
Publisher:         SUSE
Operating System:  SUSE Linux variants
Impact/Access:     Root Compromise   -- Remote/Unauthenticated
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-15688 CVE-2018-15686
Reference:         ESB-2018.3465

Original Bulletin:
   https://www.suse.com/support/update/announcement/2018/suse-su-20183644-1/

Comment: This advisory references vulnerabilities in products which run on
         platforms other than SUSE. It is recommended that administrators
         running systemd check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3644-1
Rating:             important
References:         #1089761 #1090944 #1091677 #1093753 #1101040 #1102908
                    #1105031 #1107640 #1107941 #1109197 #1109252 #1110445
                    #1112024 #1113083 #1113632 #1113665 #1114135 #991901
Cross-References:   CVE-2018-15686 CVE-2018-15688
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves two vulnerabilities and has 16 fixes is now available.

Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of
  systemd allowed a malicious dhcp6 server to overwrite heap memory in
  systemd-networkd. (bsc#1113632)
- CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an
  attacker to supply arbitrary state across systemd re-execution via
  NotifyAccess. This can be used to improperly influence systemd execution
  and possibly lead to root privilege escalation. (bsc#1113665)

Non security issues fixed:

- dhcp6: split assert_return() to be more debuggable when hit
- core: skip unit deserialization and move to the next one when
  unit_deserialize() fails
- core: properly handle deserialization of unknown unit types (#6476)
- core: don't create Requires for workdir if "missing ok" (bsc#1113083)
- logind: use manager_get_user_by_pid() where appropriate
- logind: rework manager_get_{user|session}_by_pid() a bit
- login: fix user@.service case, so we don't allow nested sessions (#8051)
  (bsc#1112024)
- core: be more defensive if we can't determine per-connection socket peer
  (#7329)
- core: introduce systemd.early_core_pattern= kernel cmdline option
- core: add missing 'continue' statement
- core/mount: fstype may be NULL
- journald: don't ship systemd-journald-audit.socket (bsc#1109252)
- core: make "tmpfs" dependencies on swapfs a "default" dep, not an
  "implicit" (bsc#1110445)
- mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076)
- detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197)
- emergency: make sure console password agents don't interfere with the
  emergency shell
- man: document that 'nofail' also has an effect on ordering
- journald: take leading spaces into account in syslog_parse_identifier
- journal: do not remove multiple spaces after identifier in syslog message
- syslog: fix segfault in syslog_parse_priority()
- journal: fix syslog_parse_identifier()
- install: drop left-over debug message (#6913)
- Ship systemd-sysv-install helper via the main package. This script was
  part of the systemd-sysvinit sub-package, but that was wrong, since
  systemd-sysv-install is a script used to redirect enable/disable
  operations to chkconfig when the unit targets are sysv init scripts.
  Therefore it has never been a SysV init tool.
- Add udev.no-partlabel-links kernel command-line option. This option can be
  used to disable the generation of the by-partlabel symlinks regardless of
  the name used. (bsc#1089761)
- man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040)
- systemctl: load unit if needed in "systemctl is-active" (bsc#1102908)
- core: don't freeze OnCalendar= timer units when the clock goes back a lot
  (bsc#1090944)
- Enable or disable machines.target according to the presets (bsc#1107941)
- cryptsetup: add support for sector-size= option (fate#325697)
- nspawn: always use permission mode 555 for /sys (bsc#1107640)
- Bugfix for a race condition between daemon-reload and other commands
  (bsc#1105031)
- Fixes an issue where login with root credentials was not possible in init
  level 5 (bsc#1091677)
- Fix an issue where services of type "notify" produced harmless DENIED log
  entries. (bsc#991901)
- No longer adjust qgroups on existing subvolumes (bsc#1093753)
- cryptsetup: add support for sector-size= option (#9936) (fate#325697
  bsc#1114135)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2595=1

- SUSE Linux Enterprise Module for Basesystem 15:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2595=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    libsystemd0-mini-234-24.15.1
    libsystemd0-mini-debuginfo-234-24.15.1
    libudev-mini-devel-234-24.15.1
    libudev-mini1-234-24.15.1
    libudev-mini1-debuginfo-234-24.15.1
    nss-myhostname-234-24.15.1
    nss-myhostname-debuginfo-234-24.15.1
    nss-mymachines-234-24.15.1
    nss-mymachines-debuginfo-234-24.15.1
    nss-systemd-234-24.15.1
    nss-systemd-debuginfo-234-24.15.1
    systemd-debuginfo-234-24.15.1
    systemd-debugsource-234-24.15.1
    systemd-logger-234-24.15.1
    systemd-mini-234-24.15.1
    systemd-mini-container-mini-234-24.15.1
    systemd-mini-container-mini-debuginfo-234-24.15.1
    systemd-mini-coredump-mini-234-24.15.1
    systemd-mini-coredump-mini-debuginfo-234-24.15.1
    systemd-mini-debuginfo-234-24.15.1
    systemd-mini-debugsource-234-24.15.1
    systemd-mini-devel-234-24.15.1
    systemd-mini-sysvinit-234-24.15.1
    udev-mini-234-24.15.1
    udev-mini-debuginfo-234-24.15.1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    systemd-mini-bash-completion-234-24.15.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

    libsystemd0-234-24.15.1
    libsystemd0-debuginfo-234-24.15.1
    libudev-devel-234-24.15.1
    libudev1-234-24.15.1
    libudev1-debuginfo-234-24.15.1
    systemd-234-24.15.1
    systemd-container-234-24.15.1
    systemd-container-debuginfo-234-24.15.1
    systemd-coredump-234-24.15.1
    systemd-coredump-debuginfo-234-24.15.1
    systemd-debuginfo-234-24.15.1
    systemd-debugsource-234-24.15.1
    systemd-devel-234-24.15.1
    systemd-sysvinit-234-24.15.1
    udev-234-24.15.1
    udev-debuginfo-234-24.15.1

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):

    systemd-bash-completion-234-24.15.1

- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

    libsystemd0-32bit-234-24.15.1
    libsystemd0-32bit-debuginfo-234-24.15.1
    libudev1-32bit-234-24.15.1
    libudev1-32bit-debuginfo-234-24.15.1
    systemd-32bit-234-24.15.1
    systemd-32bit-debuginfo-234-24.15.1

References:

https://www.suse.com/security/cve/CVE-2018-15686.html
https://www.suse.com/security/cve/CVE-2018-15688.html
https://bugzilla.suse.com/1089761
https://bugzilla.suse.com/1090944
https://bugzilla.suse.com/1091677
https://bugzilla.suse.com/1093753
https://bugzilla.suse.com/1101040
https://bugzilla.suse.com/1102908
https://bugzilla.suse.com/1105031
https://bugzilla.suse.com/1107640
https://bugzilla.suse.com/1107941
https://bugzilla.suse.com/1109197
https://bugzilla.suse.com/1109252
https://bugzilla.suse.com/1110445
https://bugzilla.suse.com/1112024
https://bugzilla.suse.com/1113083
https://bugzilla.suse.com/1113632
https://bugzilla.suse.com/1113665
https://bugzilla.suse.com/1114135
https://bugzilla.suse.com/991901

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
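The patch instructions above tell you how to install the update; the script below is an added example (editorial, not code from SUSE or AusCERT) showing how to confirm afterwards that the systemd packages on a SUSE Linux Enterprise 15 host are at or above the fixed version-release 234-24.15.1 named in the package list. It assumes the inventory is produced in the shape of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the inventory embedded here is constructed sample data, and the subset of watched package names (non-debuginfo, non-devel Basesystem packages) is an assumption about what a typical host installs.

```shell
#!/bin/sh
# Added example, not part of the SUSE/AusCERT bulletin: flag installed
# systemd packages that are still below the fixed version-release given
# in the advisory. POSIX sh only, no external version-comparison tools.

# Fixed version-release from the advisory's package list.
FIXED="234-24.15.1"

# Assumption: the subset of Basesystem packages a typical host has installed.
WATCHED="libsystemd0 libudev1 systemd systemd-container systemd-coredump systemd-sysvinit udev"

# Constructed sample inventory in rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# shape; two of the watched packages are still at an older release.
SAMPLE_INVENTORY='libsystemd0 234-24.9.1
libudev1 234-24.15.1
systemd 234-24.15.1
systemd-sysvinit 234-24.9.1
udev 234-24.15.1
vim 8.0.1568-3.3.1'

# vercmp A B: compare two VERSION-RELEASE strings numerically, field by
# field, treating '.' and '-' as separators; prints -1, 0 or 1.
vercmp() {
    a=$(printf '%s\n' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s\n' "$2" | sed 's/[.-]/ /g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        # A missing trailing field counts as 0 (234-24 < 234-24.1).
        if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
    done
    printf '%s\n' 0
}

# find_unpatched INVENTORY: print one line per watched package whose
# installed version-release is below FIXED.
find_unpatched() {
    printf '%s\n' "$1" | while read -r name ver; do
        case " $WATCHED " in
            *" $name "*)
                if [ "$(vercmp "$ver" "$FIXED")" -lt 0 ]; then
                    printf '%s %s (fixed: %s)\n' "$name" "$ver" "$FIXED"
                fi ;;
        esac
    done
}

# unpatched_count INVENTORY: number of watched packages still unpatched.
unpatched_count() {
    find_unpatched "$1" | awk 'END { print NR }'
}

# patch_status INVENTORY: exit 0 when every watched package is at or above
# FIXED, 1 otherwise (suitable for a compliance or monitoring job).
patch_status() {
    [ "$(unpatched_count "$1")" -eq 0 ]
}

# Stand-alone run against the constructed sample inventory.
find_unpatched "$SAMPLE_INVENTORY"
```

On a real host, replace the constructed inventory with the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` after running the `zypper in -t patch ...` command for your product; a non-zero `patch_status` means at least one watched package still predates the fix.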
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW+OdAmaOgq3Tt24GAQgzYw/+KX98e5eV/iW+zGmhAw2ZpUilY2cDaJd4
BY/xPAqf536x7R74CDeRUvoQCHJJ1sqwW/OpBFKGvEbTqi6yeryfBHmsnv3jIwqM
JXvhGhRVoSZmps28Ilxl/A4h8+HVstowVL76Ofx6NiQw0rIVC6zUmk2iWG7/4s3v
gSDKn9FeiA9y2ujI+Yy6kUmlp0LwP38T8On1n+MeueqsSr1DdRv4c8TDWA40yM3s
T+8M487+uGdY3OAijCNg0iZuKEw+PnW9DrxU1VfEEcm8kiHhRx/lQ/DeDC9W9eTP
kzZuUh9P/O+f4kAvcLxuAZNsSctdhi21G2pyLywKprzIyNwzGXglks9HBRY41yjW
env5IjhG79ZHAQqXkZvghL0hSnGG6zM55s3CDtvOmrJ51YrVCCjWeT1ILQSigMbS
ra/D3sWcNmX30i1UpbXflanPzYyv9o7SRF4DU3hOKBMncLzSDpEIt7IAxRStcT7D
fa2QcQwyH86Ax5eYisybe7d/2l23MA+UL3HvLyH0WMH2W9R0Ycds2mT+Ge6fUNcu
VdJ9kwrxfYoRiMgsrlfB13tqXBHQOkJHeqOF4Sd9b3BnUm23UVBlPn6IUAItUhg5
lBxa8A32SptvWG4TiN/b86dUdtPOjVJjLldOT+0Yw+RTa2nUzwGmxplWfpzCIQZ3
4vSqarcJJzI=
=6rfc
-----END PGP SIGNATURE-----