openSUSE Security Update : systemd (openSUSE-2016-488)
Low Nessus Plugin ID 90594
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for systemd fixes several issues :
e5e362a udev: exclude MD from block device ownership event locking 8839413 udev: really exclude device-mapper from block device ownership event locking 66782e6 udev: exclude device-mapper from block device ownership event locking (bsc#972727) 1386f57 tmpfiles: explicitly set mode for /run/log faadb74 tmpfiles: don't allow read access to journal files to users not in systemd-journal 9b1ef37 tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in 011c39f tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories 07e2d60 tmpfiles: get rid of 'm' lines d504e28 tmpfiles: various modernizations f97250d systemctl: no need to pass --all if inactive is explicitly requested in list-units (bsc#967122) 2686573 fstab-generator: fix automount option and don't start associated mount unit at boot (bsc#970423) 5c1637d login: support more than just power-gpio-key (fate#318444) (bsc#970860) 2c95ecd logind: add standard gpio power button support (fate#318444) (bsc#970860) af3eb93 Revert 'log-target-null-instead-kmsg' 555dad4 shorten hostname before checking for trailing dot (bsc#965897) 522194c Revert 'log: honour the kernel's quiet cmdline argument' (bsc#963230) cc94e47 transaction:
downgrade warnings about wanted unit which are not found (bsc#960158) eb3cfb3 Revert 'vhangup-on-all-consoles' 0c28752 remove WorkingDirectory parameter from emergency, rescue and console-shell.service (bsc#959886)
- Don't allow read access to journal files to users (boo#972612 CVE-2014-9770 CVE-2015-8842) Remove the world read bit from the permissions of (persistent) archived journals. This was incorrectly set due to backported commit 18afa5c2a7a6c215. For the same reasons we also have to fix the permissions of /run/log/journal/<machine-id> directory to make sure that regular user won't access to its content.
- spec: remove libudev1 runtime dependencies on udev
SolutionUpdate the affected systemd packages.