File _patchinfo of Package patchinfo.43130

<patchinfo incident="43130">
  <!--generated with prepare-update from request 404203-->
  <issue tracker="bnc" id="1259418">VUL-0: EMBARGOED: CVE-2026-29111: systemd: local unprivileged user can trigger an assert in systemd</issue>
  <issue tracker="bnc" id="1259650">VUL-0: CVE-2026-4105: systemd: privilege escalation due to improper access control in RegisterMachine D-Bus method</issue>
  <issue tracker="bnc" id="1259697">VUL-0: EMBARGOED: systemd: udev: local root execution via malicious hardware devices and unsanitized kernel output</issue>
  <issue tracker="cve" id="2026-4105"/>
  <issue tracker="cve" id="2026-29111"/>
  <category>security</category>
  <rating>important</rating>
  <packager>fbui</packager>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

- 566517ffcb machined: reject invalid class types when registering machines
- abbdd89d78 udev: fix review mixup
- c9cedd26be udev-builtin-net-id: print cescaped bad attributes
- c0f4ec3db9 udev: ensure tag parsing stays within bounds
- 38afcb73cc udev: ensure there is space for trailing NUL before calling sprintf
- a64247de62 udev: check for invalid chars in various fields received from the kernel
- ecce32966e core/cgroup: avoid one unnecessary strjoina()
- 6abd2b5bd2 core: validate input cgroup path more prudently
- 2d7d93d6c1 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
</description>
  <reboot_needed/>
</patchinfo>