Overview

File _patchinfo of Package patchinfo.27123

<patchinfo incident="27123">
  <issue tracker="bnc" id="1205000">VUL-0: CVE-2022-4415: EMBARGOED: systemd-coredump: systemd-coredump not respecting fs.suid_dumpable kernel setting</issue>
  <issue tracker="bnc" id="1204968">VUL-0: CVE-2022-3821: systemd: buffer overrun in format_timespan() function.</issue>
  <issue tracker="bnc" id="1197244">SLES12sp5: systemd-detect-virt reporting 'vm-other' for Dom0 using AMD CPU instead of 'none'</issue>
  <issue tracker="bnc" id="1191502">clarify systemd.mount man page for noauto/auto when x-systemd.automount is used</issue>
  <issue tracker="bnc" id="1195529">SLES12sp5: tape-library /dev/tape/by-id/scsi-&lt;id&gt; switches between st/sg devices Description</issue>
  <issue tracker="bnc" id="1204423">udev rule 80-hotplug-cpu-mem.rules tries to unconditionally online CPUs on Power LPARs resulting in journal errors  -  ref:_00D1igLOd._5005qCQJtZ:ref</issue>
  <issue tracker="bnc" id="1198507">gnome-session-binary started by systemd --user which does not run pam_loginuid.so</issue>
  <issue tracker="bnc" id="1206985">systemd Assertion 's-&gt;type == SERVICE_ONESHOT' failed at src/core/service.c:1782, function service_enter_start(). Aborting.</issue>
  <issue tracker="bnc" id="1208958">VUL-0: CVE-2023-26604: systemd: privilege escalation via the less pager</issue>
  <issue tracker="cve" id="2023-26604"/>
  <issue tracker="cve" id="2022-4415"/>
  <issue tracker="cve" id="2022-3821"/>
  <packager>fbui</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issues:

- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

Bug fixes:

- Restrict cpu rule to x86_64, and also update the rule files to make use of the "CONST{arch}" syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places