SUSE-SU-2019:0426-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:0426-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:0426-1
- Related
- Published
- 2019-02-18T16:46:59Z
- Modified
- 2019-02-18T16:46:59Z
- Summary
- Security update for systemd
- Details
-
This update for systemd fixes the following issues:
CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in sessiondevicefree()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sdpidnotifywithfds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in loadfrompath() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed
- automount: don't pass non-blocking pipe to kernel.
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20190426-1/
- https://bugzilla.suse.com/1117025
- https://bugzilla.suse.com/1121563
- https://bugzilla.suse.com/1122000
- https://bugzilla.suse.com/1123333
- https://bugzilla.suse.com/1123727
- https://bugzilla.suse.com/1123892
- https://bugzilla.suse.com/1124153
- https://bugzilla.suse.com/1125352
- https://www.suse.com/security/cve/CVE-2019-6454
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 / systemd
Package
- Name
- systemd
- Purl
- purl:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed234-24.25.1
Ecosystem specific
{
"binaries": [
{
"systemd": "234-24.25.1",
"libsystemd0": "234-24.25.1",
"systemd-devel": "234-24.25.1",
"libudev-devel": "234-24.25.1",
"udev": "234-24.25.1",
"libudev1": "234-24.25.1",
"systemd-coredump": "234-24.25.1",
"libudev1-32bit": "234-24.25.1",
"systemd-32bit": "234-24.25.1",
"systemd-bash-completion": "234-24.25.1",
"libsystemd0-32bit": "234-24.25.1",
"systemd-container": "234-24.25.1",
"systemd-sysvinit": "234-24.25.1"
}
]
}