Overview

File _patchinfo of Package patchinfo.5274

<patchinfo incident="5274">
  <issue id="982303" tracker="bnc">Updating shows: /usr/sbin/systemd-sysv-convert: line 62: /var/lib/systemd/sysv-convert/database: No such file or directory</issue>
  <issue id="986216" tracker="bnc">softdog wont load in initrd</issue>
  <issue id="1004995" tracker="bnc">_netdev mounts are started too early in SLES 12 SP1</issue>
  <issue id="1029102" tracker="bnc">systemctl won't report TasksCurrent after daemon-reload</issue>
  <issue id="1029516" tracker="bnc">systemd-sysusers creates entries in /etc/gshadow, but groupdel does not remove that</issue>
  <issue id="1032029" tracker="bnc">Grub2/dracut bug during installation (suse_mod_deps: bad array subscript)</issue>
  <issue id="1033238" tracker="bnc">zipl boot environment looks for x86_64 modules on s390x with fips=1 and drops into emergency grub2 shell</issue>
  <issue id="1036873" tracker="bnc">mcelog does not start on a SLES12 SP2 dom0 server</issue>
  <issue id="1037120" tracker="bnc">modinfo warning during initrd build</issue>
  <issue id="1038865" tracker="bnc">NVMe over Fabrics devices don't get picked up by multipathd</issue>
  <issue id="1040153" tracker="bnc">Missing symlink for sas device in /dev/disk/by-path</issue>
  <issue id="1040258" tracker="bnc">systemd : Failed to read server status: Connection reset by peer</issue>
  <issue id="1040614" tracker="bnc">VUL-0: CVE-2017-9217: systemd: systemd-resolved through 233 allows remote attackers to cause a denial ofservice (daemon crash) via a crafted DNS response with an empty questionsection.</issue>
  <issue id="1040942" tracker="bnc">systemd automounter issue in combination with nfs</issue>
  <issue id="1040968" tracker="bnc">systemd automounter issue in combination with nfs</issue>
  <issue id="1043758" tracker="bnc">machinectl pull-tar segfaults in tar_pull_job_on_finished</issue>
  <issue id="1043900" tracker="bnc">dracut --kver should give error messages if this parameter is not found.</issue>
  <issue id="1045290" tracker="bnc">CVE-2017-9445: systemd-resolved: possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS Server</issue>
  <issue id="1046750" tracker="bnc">apparmor is disabled after update from SLE12-SP2 to SLE12-SP3</issue>
  <issue id="2017-9217" tracker="cve" />
  <issue id="2017-9445" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>leonardocf</packager>
  <summary>Security update for systemd</summary>
  <description>This update for systemd provides several fixes and enhancements.

Security issues fixed:

- CVE-2017-9217: Null pointer dereferencing that could lead to resolved aborting. (bsc#1040614)
- CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload
  from a DNS server. (bsc#1045290)

The update also fixed several non-security bugs:

- core/mount: Use the "-c" flag to not canonicalize paths when calling /bin/umount
- automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942)
- automount: Rework propagation between automount and mount units
- build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary
- build: Fix systemd-journal-upload installation
- basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
- virt: Make sure some errors are not ignored
- fstab-generator: Do not skip Before= ordering for noauto mountpoints
- fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec
- core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
- fstab-generator: Apply the _netdev option also to device units (bsc#1004995)
- job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
- job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
- rules: Export NVMe WWID udev attribute (bsc#1038865)
- rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
- rules: Add rules for NVMe devices
- sysusers: Make group shadow support configurable (bsc#1029516)
- core: When deserializing a unit, fully restore its cgroup state (bsc#1029102)
- core: Introduce cg_mask_from_string()/cg_mask_to_string()
- core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258)
- Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303)
  The database might be missing when upgrading a package which was
  shipping no sysv init scripts nor unit files (at the time --save was
  called) but the new version start shipping unit files.
- Disable group shadow support (bsc#1029516)
- Only check signature job error if signature job exists (bsc#1043758)
- Automounter issue in combination with NFS volumes (bsc#1040968)
- Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
- Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places