File _patchinfo of Package patchinfo.43129

<patchinfo incident="43129">
  <!--generated with prepare-update from request 404204-->
  <issue tracker="bnc" id="1259418">VUL-0: EMBARGOED: CVE-2026-29111: systemd: local unprivileged user can trigger an assert in systemd</issue>
  <issue tracker="bnc" id="1259650">VUL-0: CVE-2026-4105: systemd: privilege escalation due to improper access control in RegisterMachine D-Bus method</issue>
  <issue tracker="bnc" id="1259697">VUL-0: EMBARGOED: systemd: udev: local root execution via malicious hardware devices and unsanitized kernel output</issue>
  <issue tracker="cve" id="2026-4105"/>
  <issue tracker="cve" id="2026-29111"/>
  <category>security</category>
  <rating>important</rating>
  <packager>fbui</packager>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issues:

- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).  

Changelog:

- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
</description>
  <reboot_needed/>
</patchinfo>