Security update for systemd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0560-1 Final 1 1 2018-02-27T21:36:56Z current 2018-02-27T21:36:56Z 2018-02-27T21:36:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for systemd This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed: - core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588) - Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com - Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr. - Enable systemd-networkd on Leap distros only (bsc#1071311) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html E-Mail link for openSUSE-SU-2018:0560-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libsystemd0-228-44.1 libsystemd0-32bit-228-44.1 libsystemd0-mini-228-44.1 libudev-devel-228-44.1 libudev-mini-devel-228-44.1 libudev-mini1-228-44.1 libudev1-228-44.1 libudev1-32bit-228-44.1 nss-myhostname-228-44.1 nss-myhostname-32bit-228-44.1 nss-mymachines-228-44.1 systemd-228-44.1 systemd-32bit-228-44.1 systemd-bash-completion-228-44.1 systemd-devel-228-44.1 systemd-logger-228-44.1 systemd-mini-228-44.1 systemd-mini-bash-completion-228-44.1 systemd-mini-devel-228-44.1 systemd-mini-sysvinit-228-44.1 systemd-sysvinit-228-44.1 udev-228-44.1 udev-mini-228-44.1 libsystemd0-228-44.1 as a component of openSUSE Leap 42.3 libsystemd0-32bit-228-44.1 as a component of openSUSE Leap 42.3 libsystemd0-mini-228-44.1 as a component of openSUSE Leap 42.3 libudev-devel-228-44.1 as a component of openSUSE Leap 42.3 libudev-mini-devel-228-44.1 as a component of openSUSE Leap 42.3 libudev-mini1-228-44.1 as a component of openSUSE Leap 42.3 libudev1-228-44.1 as a component of openSUSE Leap 42.3 libudev1-32bit-228-44.1 as a component of openSUSE Leap 42.3 nss-myhostname-228-44.1 as a component of openSUSE Leap 42.3 nss-myhostname-32bit-228-44.1 as a component of openSUSE Leap 42.3 nss-mymachines-228-44.1 as a component of openSUSE Leap 42.3 systemd-228-44.1 as a component of openSUSE Leap 42.3 systemd-32bit-228-44.1 as a component of openSUSE Leap 42.3 systemd-bash-completion-228-44.1 as a component of openSUSE Leap 42.3 systemd-devel-228-44.1 as a component of openSUSE Leap 42.3 systemd-logger-228-44.1 as a component of openSUSE Leap 42.3 systemd-mini-228-44.1 as a component of openSUSE Leap 42.3 systemd-mini-bash-completion-228-44.1 as a component of openSUSE Leap 42.3 systemd-mini-devel-228-44.1 as a component of openSUSE Leap 42.3 systemd-mini-sysvinit-228-44.1 as a component of openSUSE Leap 42.3 systemd-sysvinit-228-44.1 as a component of openSUSE Leap 42.3 udev-228-44.1 as a component of openSUSE Leap 42.3 udev-mini-228-44.1 as a component of openSUSE Leap 42.3 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. CVE-2017-18078 openSUSE Leap 42.3:libsystemd0-228-44.1 openSUSE Leap 42.3:libsystemd0-32bit-228-44.1 openSUSE Leap 42.3:libsystemd0-mini-228-44.1 openSUSE Leap 42.3:libudev-devel-228-44.1 openSUSE Leap 42.3:libudev-mini-devel-228-44.1 openSUSE Leap 42.3:libudev-mini1-228-44.1 openSUSE Leap 42.3:libudev1-228-44.1 openSUSE Leap 42.3:libudev1-32bit-228-44.1 openSUSE Leap 42.3:nss-myhostname-228-44.1 openSUSE Leap 42.3:nss-myhostname-32bit-228-44.1 openSUSE Leap 42.3:nss-mymachines-228-44.1 openSUSE Leap 42.3:systemd-228-44.1 openSUSE Leap 42.3:systemd-32bit-228-44.1 openSUSE Leap 42.3:systemd-bash-completion-228-44.1 openSUSE Leap 42.3:systemd-devel-228-44.1 openSUSE Leap 42.3:systemd-logger-228-44.1 openSUSE Leap 42.3:systemd-mini-228-44.1 openSUSE Leap 42.3:systemd-mini-bash-completion-228-44.1 openSUSE Leap 42.3:systemd-mini-devel-228-44.1 openSUSE Leap 42.3:systemd-mini-sysvinit-228-44.1 openSUSE Leap 42.3:systemd-sysvinit-228-44.1 openSUSE Leap 42.3:udev-228-44.1 openSUSE Leap 42.3:udev-mini-228-44.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html https://www.suse.com/security/cve/CVE-2017-18078.html CVE-2017-18078 https://bugzilla.suse.com/1077925 SUSE Bug 1077925