openSUSE Security Update : systemd (openSUSE-SU-2013:1528-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This systemd update fixes several security and non-security issues.

- polkit-Avoid-race-condition-in-scraping-proc.patch:
VUL-0: polkit: process subject race condition
(bnc#836932) CVE-2013-4288.

- Don't use a trigger to create symlink for sysctl.conf,
always run the test on %post (bnc#840864).

- Move symlink migration trigger to post (bnc#821800).

- Add systemd-fix-crash-listing-session-files.patch
(bnc#840055).

See also :

http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html
https://bugzilla.novell.com/show_bug.cgi?id=821800
https://bugzilla.novell.com/show_bug.cgi?id=836932
https://bugzilla.novell.com/show_bug.cgi?id=840055
https://bugzilla.novell.com/show_bug.cgi?id=840864

Solution :

Update the affected systemd packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75158 ()

Bugtraq ID: 62511

CVE ID: CVE-2013-4288

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now