SUSE-SU-2026:0990-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260990-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0990-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2026:0990-1
- Upstream
- Related
- Published
- 2026-03-24T07:22:51Z
- Modified
- 2026-03-25T08:32:16.303875Z
- Summary
- Security update for systemd
- Details
-
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 566517ffcb machined: reject invalid class types when registering machines
- abbdd89d78 udev: fix review mixup
- c9cedd26be udev-builtin-net-id: print cescaped bad attributes
- c0f4ec3db9 udev: ensure tag parsing stays within bounds
- 38afcb73cc udev: ensure there is space for trailing NUL before calling sprintf
- a64247de62 udev: check for invalid chars in various fields received from the kernel
- ecce32966e core/cgroup: avoid one unnecessary strjoina()
- 6abd2b5bd2 core: validate input cgroup path more prudently
- 2d7d93d6c1 alloc-util: add strdupasafe() + strndupasafe() and use it everywhere
- References
Affected packages
SUSE:Linux Enterprise Micro 5.2 / systemd
Package
- Name
- systemd
- Purl
- pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed246.16-150300.7.65.1
Ecosystem specific
{
"binaries": [
{
"udev": "246.16-150300.7.65.1",
"systemd": "246.16-150300.7.65.1",
"systemd-container": "246.16-150300.7.65.1",
"libsystemd0": "246.16-150300.7.65.1",
"libudev1": "246.16-150300.7.65.1",
"systemd-sysvinit": "246.16-150300.7.65.1",
"systemd-journal-remote": "246.16-150300.7.65.1"
}
]
}