File _patchinfo of Package patchinfo.43003

<patchinfo incident="43003">
  <!--generated with prepare-update from request 404205-->
  <issue tracker="bnc" id="1259418">VUL-0: EMBARGOED: CVE-2026-29111: systemd: local unprivileged user can trigger an assert in systemd</issue>
  <issue tracker="bnc" id="1259650">VUL-0: CVE-2026-4105: systemd: privilege escalation due to improper access control in RegisterMachine D-Bus method</issue>
  <issue tracker="bnc" id="1259697">VUL-0: EMBARGOED: systemd: udev: local root execution via malicious hardware devices and unsanitized kernel output</issue>
  <issue tracker="cve" id="2026-4105"/>
  <issue tracker="cve" id="2026-29111"/>
  <category>security</category>
  <rating>important</rating>
  <packager>fbui</packager>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).

Changelog:

- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
</description>
  <reboot_needed/>
</patchinfo>