Overview

File _patchinfo of Package patchinfo.4624

<patchinfo incident="4624">
  <packager>fbui</packager>
  <issue tracker="cve" id="2014-9770"></issue>
  <issue tracker="cve" id="2015-8842"></issue>
  <issue tracker="bnc" id="959886">Fails to provide echo/prompt in EMERGENCY mode</issue>
  <issue tracker="bnc" id="960158">nfs-utils and nfs-server make systemd fill up the logs ....</issue>
  <issue tracker="bnc" id="963230">systemd ignores systemd.log_level=debug in cmdline with quiet</issue>
  <issue tracker="bnc" id="965897">hostnamectl set-hostname fails to set hostnames with "." at position 64 if hostname longer than 64 characters for OpenStack guest</issue>
  <issue tracker="bnc" id="967122">systemctl bash completion not working properly for "start" able services</issue>
  <issue tracker="bnc" id="970423">systemd: fstab-generator doesnt honor automount option</issue>
  <issue tracker="bnc" id="970860">missing support for gpio triggered graceful system shutdown</issue>
  <issue tracker="bnc" id="972612">VUL-1: CVE-2014-9770: systemd: Archived journal files are world readable</issue>
  <issue tracker="bnc" id="972727">dmsetup remove always fails when the --force option is used</issue>
  <issue tracker="fate" id="318444"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for systemd</summary>
  <description>This update for systemd fixes several issues:

  e5e362a udev: exclude MD from block device ownership event locking
  8839413 udev: really exclude device-mapper from block device ownership event locking
  66782e6 udev: exclude device-mapper from block device ownership event locking (bsc#972727)
  1386f57 tmpfiles: explicitly set mode for /run/log
  faadb74 tmpfiles: don't allow read access to journal files to users not in systemd-journal
  9b1ef37 tmpfiles: don't apply sgid and executable bit to journal files, only the directories they are contained in
  011c39f tmpfiles: add ability to mask access mode by pre-existing access mode on files/directories
  07e2d60 tmpfiles: get rid of "m" lines
  d504e28 tmpfiles: various modernizations
  f97250d systemctl: no need to pass --all if inactive is explicitly requested in list-units (bsc#967122)
  2686573 fstab-generator: fix automount option and don't start associated mount unit at boot (bsc#970423)
  5c1637d login: support more than just power-gpio-key (fate#318444) (bsc#970860)
  2c95ecd logind: add standard gpio power button support (fate#318444) (bsc#970860)
  af3eb93 Revert "log-target-null-instead-kmsg"
  555dad4 shorten hostname before checking for trailing dot (bsc#965897)
  522194c Revert "log: honour the kernel's quiet cmdline argument" (bsc#963230)
  cc94e47 transaction: downgrade warnings about wanted unit which are not found (bsc#960158)
  eb3cfb3 Revert "vhangup-on-all-consoles"
  0c28752 remove WorkingDirectory parameter from emergency, rescue and console-shell.service (bsc#959886)

- Don't allow read access to journal files to users (boo#972612 CVE-2014-9770 CVE-2015-8842)
  Remove the world read bit from the permissions of (persistent)
  archived journals. This was incorrectly set due to backported commit
  18afa5c2a7a6c215.
  For the same reasons we also have to fix the permissions of
  /run/log/journal/&amp;lt;machine-id&amp;gt; directory to make sure that regular
  user won't access to its content.

- spec: remove libudev1 runtime dependencies on udev</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places