openSUSE Security Update : systemd (openSUSE-2018-117)

medium Nessus Plugin ID 106548
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 3.6

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for systemd fixes several issues.

This security issue was fixed :

- CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308).

These non-security issues were fixed :

- core: don't choke if a unit another unit triggers vanishes during reload

- delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX

- delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428)

- delta: check if a prefix needs to be skipped only once

- delta: skip symlink paths when split-usr is enabled (#4591)

- sysctl: use raw file descriptor in sysctl_write (#7753)

- sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254)

- Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case:
'/dev/disk/by-id/cr_-xxx'.

- sysctl: disable buffer while writing to /proc (bsc#1071558)

- Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558)

- sysctl: no need to check for eof twice

- def: add new constant LONG_LINE_MAX

- fileio: add new helper call read_line() as bounded getline() replacement

- service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156)

- gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)

- gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422)

- fstab-util: introduce fstab_has_fstype() helper

- fstab-generator: ignore root=/dev/nfs (#3591)

- fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452)

- virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510)

- analyze: replace --no-man with --man=no in the man page (bsc#1068251)

- udev: net_setup_link: don't error out when we couldn't apply link config (#7328)

- Add missing /etc/systemd/network directory

- Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)

- sd-bus: use -- when passing arguments to ssh (#6706)

- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550)

- sd-bus: bump message queue size (bsc#1075724)

- tmpfiles: downgrade warning about duplicate line

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected systemd packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1048510

https://bugzilla.opensuse.org/show_bug.cgi?id=1065276

https://bugzilla.opensuse.org/show_bug.cgi?id=1066156

https://bugzilla.opensuse.org/show_bug.cgi?id=1068251

https://bugzilla.opensuse.org/show_bug.cgi?id=1070428

https://bugzilla.opensuse.org/show_bug.cgi?id=1071558

https://bugzilla.opensuse.org/show_bug.cgi?id=1074254

https://bugzilla.opensuse.org/show_bug.cgi?id=1075724

https://bugzilla.opensuse.org/show_bug.cgi?id=1076308

https://bugzilla.opensuse.org/show_bug.cgi?id=897422

Plugin Details

Severity: Medium

ID: 106548

File Name: openSUSE-2018-117.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2/1/2018

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

VPR Score: 3.6

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsystemd0, p-cpe:/a:novell:opensuse:libsystemd0-32bit, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini, p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo, p-cpe:/a:novell:opensuse:libudev-devel, p-cpe:/a:novell:opensuse:libudev-mini-devel, p-cpe:/a:novell:opensuse:libudev-mini1, p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo, p-cpe:/a:novell:opensuse:libudev1, p-cpe:/a:novell:opensuse:libudev1-32bit, p-cpe:/a:novell:opensuse:libudev1-debuginfo, p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit, p-cpe:/a:novell:opensuse:nss-myhostname, p-cpe:/a:novell:opensuse:nss-myhostname-32bit, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit, p-cpe:/a:novell:opensuse:nss-mymachines, p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo, p-cpe:/a:novell:opensuse:systemd, p-cpe:/a:novell:opensuse:systemd-32bit, p-cpe:/a:novell:opensuse:systemd-bash-completion, p-cpe:/a:novell:opensuse:systemd-debuginfo, p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit, p-cpe:/a:novell:opensuse:systemd-debugsource, p-cpe:/a:novell:opensuse:systemd-devel, p-cpe:/a:novell:opensuse:systemd-logger, p-cpe:/a:novell:opensuse:systemd-mini, p-cpe:/a:novell:opensuse:systemd-mini-bash-completion, p-cpe:/a:novell:opensuse:systemd-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-debugsource, p-cpe:/a:novell:opensuse:systemd-mini-devel, p-cpe:/a:novell:opensuse:systemd-mini-sysvinit, p-cpe:/a:novell:opensuse:systemd-sysvinit, p-cpe:/a:novell:opensuse:udev, p-cpe:/a:novell:opensuse:udev-debuginfo, p-cpe:/a:novell:opensuse:udev-mini, p-cpe:/a:novell:opensuse:udev-mini-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 1/31/2018

Reference Information

CVE: CVE-2017-15908, CVE-2018-1049