openSUSE Security Update : systemd (openSUSE-2017-806)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for systemd fixes the following issues :

Security issue fixed :

- CVE-2017-9217: resolved: Fix NULL pointer p->question
dereferencing that could lead to resolved aborting
(bsc#1040614)

The update also fixed several non-security bugs :

- core/mount: Use the '-c' flag to not canonicalize paths
when calling /bin/umount

- automount: Handle expire_tokens when the mount unit
changes its state (bsc#1040942)

- automount: Rework propagation between automount and
mount units

- build: Make sure tmpfiles.d/systemd-remote.conf gets
installed when necessary

- build: Fix systemd-journal-upload installation

- basic: Detect XEN Dom0 as no virtualization
(bsc#1036873)

- virt: Make sure some errors are not ignored

- fstab-generator: Do not skip Before= ordering for noauto
mountpoints

- fstab-gen: Do not convert device timeout into seconds
when initializing JobTimeoutSec

- core/device: Use JobRunningTimeoutSec= for device units
(bsc#1004995)

- fstab-generator: Apply the _netdev option also to device
units (bsc#1004995)

- job: Add JobRunningTimeoutSec for JOB_RUNNING state
(bsc#1004995)

- job: Ensure JobRunningTimeoutSec= survives serialization
(bsc#1004995)

- rules: Export NVMe WWID udev attribute (bsc#1038865)

- rules: Introduce disk/by-id (model_serial) symbolic
links for NVMe drives

- rules: Add rules for NVMe devices

- sysusers: Make group shadow support configurable
(bsc#1029516)

- core: When deserializing a unit, fully restore its
cgroup state (bsc#1029102)

- core: Introduce
cg_mask_from_string()/cg_mask_to_string()

- core:execute: Fix handling failures of calling fork() in
exec_spawn() (bsc#1040258)

- Fix systemd-sysv-convert when a package starts shipping
service units (bsc#982303). The database might be missing
when upgrading a package which was shipping neither sysv
init scripts nor unit files (at the time --save was
called) but whose new version starts shipping unit files.

- Disable group shadow support (bsc#1029516)

- Only check signature job error if signature job exists
(bsc#1043758)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1004995
https://bugzilla.opensuse.org/show_bug.cgi?id=1029102
https://bugzilla.opensuse.org/show_bug.cgi?id=1029516
https://bugzilla.opensuse.org/show_bug.cgi?id=1036873
https://bugzilla.opensuse.org/show_bug.cgi?id=1038865
https://bugzilla.opensuse.org/show_bug.cgi?id=1040258
https://bugzilla.opensuse.org/show_bug.cgi?id=1040614
https://bugzilla.opensuse.org/show_bug.cgi?id=1040942
https://bugzilla.opensuse.org/show_bug.cgi?id=1043758
https://bugzilla.opensuse.org/show_bug.cgi?id=982303

Solution :

Update the affected systemd packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 101516

Bugtraq ID:

CVE ID: CVE-2017-9217
