openSUSE Security Update : systemd (openSUSE-2018-117)

Medium Nessus Plugin ID 106548

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for systemd fixes several issues.

This security issue was fixed :

- CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308).

These non-security issues were fixed :

- core: don't choke if a unit another unit triggers vanishes during reload

- delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX

- delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428)

- delta: check if a prefix needs to be skipped only once

- delta: skip symlink paths when split-usr is enabled (#4591)

- sysctl: use raw file descriptor in sysctl_write (#7753)

- sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254)

- Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case:
'/dev/disk/by-id/cr_-xxx'.

- sysctl: disable buffer while writing to /proc (bsc#1071558)

- Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558)

- sysctl: no need to check for eof twice

- def: add new constant LONG_LINE_MAX

- fileio: add new helper call read_line() as bounded getline() replacement

- service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156)

- gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)

- gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422)

- fstab-util: introduce fstab_has_fstype() helper

- fstab-generator: ignore root=/dev/nfs (#3591)

- fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452)

- virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510)

- analyze: replace --no-man with --man=no in the man page (bsc#1068251)

- udev: net_setup_link: don't error out when we couldn't apply link config (#7328)

- Add missing /etc/systemd/network directory

- Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)

- sd-bus: use -- when passing arguments to ssh (#6706)

- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550)

- sd-bus: bump message queue size (bsc#1075724)

- tmpfiles: downgrade warning about duplicate line

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected systemd packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1048510

https://bugzilla.opensuse.org/show_bug.cgi?id=1065276

https://bugzilla.opensuse.org/show_bug.cgi?id=1066156

https://bugzilla.opensuse.org/show_bug.cgi?id=1068251

https://bugzilla.opensuse.org/show_bug.cgi?id=1070428

https://bugzilla.opensuse.org/show_bug.cgi?id=1071558

https://bugzilla.opensuse.org/show_bug.cgi?id=1074254

https://bugzilla.opensuse.org/show_bug.cgi?id=1075724

https://bugzilla.opensuse.org/show_bug.cgi?id=1076308

https://bugzilla.opensuse.org/show_bug.cgi?id=897422

Plugin Details

Severity: Medium

ID: 106548

File Name: openSUSE-2018-117.nasl

Version: Revision: 3.1

Type: local

Agent: unix

Published: 2018/02/01

Updated: 2018/02/01

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsystemd0, p-cpe:/a:novell:opensuse:libsystemd0-32bit, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini, p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo, p-cpe:/a:novell:opensuse:libudev-devel, p-cpe:/a:novell:opensuse:libudev-mini-devel, p-cpe:/a:novell:opensuse:libudev-mini1, p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo, p-cpe:/a:novell:opensuse:libudev1, p-cpe:/a:novell:opensuse:libudev1-32bit, p-cpe:/a:novell:opensuse:libudev1-debuginfo, p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit, p-cpe:/a:novell:opensuse:nss-myhostname, p-cpe:/a:novell:opensuse:nss-myhostname-32bit, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit, p-cpe:/a:novell:opensuse:nss-mymachines, p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo, p-cpe:/a:novell:opensuse:systemd, p-cpe:/a:novell:opensuse:systemd-32bit, p-cpe:/a:novell:opensuse:systemd-bash-completion, p-cpe:/a:novell:opensuse:systemd-debuginfo, p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit, p-cpe:/a:novell:opensuse:systemd-debugsource, p-cpe:/a:novell:opensuse:systemd-devel, p-cpe:/a:novell:opensuse:systemd-logger, p-cpe:/a:novell:opensuse:systemd-mini, p-cpe:/a:novell:opensuse:systemd-mini-bash-completion, p-cpe:/a:novell:opensuse:systemd-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-debugsource, p-cpe:/a:novell:opensuse:systemd-mini-devel, p-cpe:/a:novell:opensuse:systemd-mini-sysvinit, p-cpe:/a:novell:opensuse:systemd-sysvinit, p-cpe:/a:novell:opensuse:udev, p-cpe:/a:novell:opensuse:udev-debuginfo, p-cpe:/a:novell:opensuse:udev-mini, p-cpe:/a:novell:opensuse:udev-mini-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2018/01/31

Reference Information

CVE: CVE-2017-15908, CVE-2018-1049