Overview

File _patchinfo of Package patchinfo.10232

<patchinfo incident="10232">

  <issue tracker="cve" id="2019-3842"/>
  <issue tracker="cve" id="2018-6954"/>
  <issue tracker="cve" id="2019-6454"/>
  <issue tracker="bnc" id="1080919">VUL-0: CVE-2018-6954: systemd: systemd-tmpfiles mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files</issue>
  <issue tracker="bnc" id="1132721">L3: Customer encountered the systemd issue small BUS_WQUEUE_MAX #4068 with systemd-228-150.63.1</issue>
  <issue tracker="bnc" id="1125352">VUL-0: CVE-2019-6454: systemd: crashes in long dbus messages</issue>
  <issue tracker="bnc" id="1127557">SLES 12 SP4 - Linux activates all reserve memory on IPL (systemd?)</issue>
  <issue tracker="bnc" id="1128657">systemd: failed to restart timer.service after problem "Failed to watch PID 11353 from service timer.service"</issue>
  <issue tracker="bnc" id="1121563">GCC 9: systemd build fails</issue>
  <issue tracker="bnc" id="1132348">VUL-1: CVE-2019-3842: systemd:  Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"</issue>
  <issue tracker="bnc" id="1130230">quilt: fails to unpack systemd.spec</issue>
  <issue tracker="bnc" id="955942">systemd  Failed to watch PID error</issue>
  <issue tracker="bnc" id="1126056">SLES 12 SP4 - Problems with chcpu on large s390x LPARs (util-linux?/systemd?)</issue>
  <issue tracker="bnc" id="1132400">udev: debug log spammed with "maximum number (248) of children reached"</issue>
  <packager>fbui</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles 
  which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).

Non-security issues fixed:

- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
- rules: load drivers only on "add" events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)

This update was imported from the SUSE:SLE-12-SP2:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places