openSUSE Build Service

Security update for systemd

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles
which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).

Non-security issues fixed:

- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Submitted by Franck Bui (fbui)

Fixed bugs

VUL-0: CVE-2018-6954: systemd: systemd-tmpfiles mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files

bnc#1132721

L3: Customer encountered the systemd issue small BUS_WQUEUE_MAX #4068 with systemd-228-150.63.1

bnc#1125352

VUL-0: CVE-2019-6454: systemd: crashes in long dbus messages

bnc#1127557

SLES 12 SP4 - Linux activates all reserve memory on IPL (systemd?)

bnc#1128657

systemd: failed to restart timer.service after problem "Failed to watch PID 11353 from service timer.service"

bnc#1121563

GCC 9: systemd build fails

bnc#1132348

VUL-1: CVE-2019-3842: systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"