SUSE-SU-2019:0137-1
Vulnerability Summary
Timeline
Description
Security update for systemd This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696)
Affected Systems
- suse•systemd&distro=SUSE Linux Enterprise Module for Basesystem 15
< 234-24.20.1
References (16)
- https://www.suse.com/support/update/announcement/2019/suse-su-20190137-1/
- https://bugzilla.suse.com/1005023
- https://bugzilla.suse.com/1045723
- https://bugzilla.suse.com/1076696
- https://bugzilla.suse.com/1080919
- https://bugzilla.suse.com/1093753
- https://bugzilla.suse.com/1101591
- https://bugzilla.suse.com/1111498
- https://bugzilla.suse.com/1114933
- https://bugzilla.suse.com/1117063
- https://bugzilla.suse.com/1119971
- https://bugzilla.suse.com/1120323
- https://www.suse.com/security/cve/CVE-2018-16864
- https://www.suse.com/security/cve/CVE-2018-16865
- https://www.suse.com/security/cve/CVE-2018-16866
- https://www.suse.com/security/cve/CVE-2018-6954