Fedora 29 : systemd (2018-c402eea18b)

Critical Nessus Plugin ID 120769

Synopsis

The remote Fedora host is missing a security update.

Description

- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)

- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)

- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)

- The DHCP server is started only when link is UP

- DHCPv6 prefix delegation is improved

- Downgrade logging of various messages and add loging in other places

- Many many fixes in error handling and minor memory leaks and such

- Fix typos and omissions in documentation

- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatibility preserved)

- Matching by MACAddress= in systemd-networkd is fixed

- Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)

- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0

- Aliases are now resolved when loading modules from pid1.
This is a (redundant) fix for a brief kernel regression.

- 'systemctl --wait start' exits immediately if no valid units are named

- zram devices are not considered as candidates for hibernation

- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)

- Various smaller improvements to unit ordering and dependencies

- generators are now called with the manager's environment

- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues

- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.

- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.

- 'noresume' can be used on the kernel command line to force normal boot even if a hibernation images is present

- Hibernation is not advertised if resume= is not present on the kernenl command line

- Hibernation/Suspend/... modes can be disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=

- LOGO= and DOCUMENTATION_URL= are documented for the os-release file

- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries

- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects

- Catalog entries for the journal are improved (#1639482)

- If suspend fails, the post-suspend hooks are still called.

- Various build issues on less-common architectures are fixed

No need to reboot or log out.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected systemd package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-c402eea18b

Plugin Details

Severity: Critical

ID: 120769

File Name: fedora_2018-c402eea18b.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/01/03

Updated: 2019/07/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:systemd, cpe:/o:fedoraproject:fedora:29

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/11/01

Vulnerability Publication Date: 2018/10/26

Reference Information

CVE: CVE-2018-15686, CVE-2018-15687, CVE-2018-15688