File _patchinfo of Package patchinfo.9885
<patchinfo incident="9885">
<issue tracker="bnc" id="1120323">CVE-2018-16864, CVE-2018-16865, CVE-2018-16866: systemd: Qualys Security Advisory</issue>
<issue tracker="bnc" id="1113665">CVE-2018-15686: systemd: Line splitting via fgets() allows for state injection during daemon-reexec</issue>
<issue tracker="bnc" id="1068588">/var/log/warn flooded with snmpagentmonitor.service errors</issue>
<issue tracker="bnc" id="1071558">sysctl character limitation</issue>
<issue tracker="cve" id="2018-16865"/>
<issue tracker="cve" id="2018-16864"/>
<issue tracker="cve" id="2018-15686"/>
<category>security</category>
<rating>important</rating>
<packager>fbui</packager>
<description>This update for systemd fixes the following issues:
* Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 (bsc#1120323):
Both issues were memory corruptions via an attacker-controlled alloca() that a
local attacker could have used to gain root privileges.
* Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability in
unit_deserialize of systemd used to allow an attacker to supply arbitrary
state across systemd re-execution via NotifyAccess. This could have been used
to improperly influence systemd execution and possibly lead to root privilege
escalation.
* Remedy the 2048-character line-length limit in the systemd-sysctl code that
would cause parser failures if /etc/sysctl.conf contained lines that exceeded
this length (bsc#1071558).
* Fix a bug in systemd's core timer code that would cause timer looping under
certain conditions, resulting in hundreds of syslog messages being written to
the journal (bsc#1068588).
</description>
<summary>Security update for systemd</summary>
</patchinfo>