Overview

File _patchinfo of Package patchinfo.43321

<patchinfo incident="43321">
  <!--generated with prepare-update from request 404202-->
  <issue tracker="bnc" id="1259650">VUL-0: CVE-2026-4105: systemd: privilege escalation due to improper access control in RegisterMachine D-Bus method</issue>
  <issue tracker="bnc" id="1259697">VUL-0: EMBARGOED: systemd: udev: local root execution via malicious hardware devices and unsanitized kernel output</issue>
  <issue tracker="cve" id="2026-4105"/>
  <category>security</category>
  <rating>important</rating>
  <packager>fbui</packager>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issue:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

 cbf8ee66ee machined: reject invalid class types when registering machines
 1a55ad48da udev: fix review mixup
 1eba76668c udev-builtin-net-id: print cescaped bad attributes
 cbd4b55380 udev: ensure tag parsing stays within bounds
 5973d3b1cc udev: ensure there is space for trailing NUL before calling sprintf
 f038eb6c8b udev: check for invalid chars in various fields received from the kernel
</description>
  <reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places