SUSE-SU-2019:1364-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1364-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:1364-1
- Related
- Published
- 2019-05-28T08:51:42Z
- Modified
- 2019-05-28T08:51:42Z
- Summary
- Security update for systemd
- Details
-
This update for systemd fixes the following issues:
Security issues fixed:
- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).
Non-security issued fixed:
- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20191364-1/
- https://bugzilla.suse.com/1036463
- https://bugzilla.suse.com/1121563
- https://bugzilla.suse.com/1124122
- https://bugzilla.suse.com/1125352
- https://bugzilla.suse.com/1125604
- https://bugzilla.suse.com/1126056
- https://bugzilla.suse.com/1127557
- https://bugzilla.suse.com/1130230
- https://bugzilla.suse.com/1132348
- https://bugzilla.suse.com/1132400
- https://bugzilla.suse.com/1132721
- https://bugzilla.suse.com/1133506
- https://bugzilla.suse.com/1133509
- https://www.suse.com/security/cve/CVE-2019-3842
- https://www.suse.com/security/cve/CVE-2019-3843
- https://www.suse.com/security/cve/CVE-2019-3844
- https://www.suse.com/security/cve/CVE-2019-6454
- https://bugzilla.suse.com/SLE-5933
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 / systemd
Package
- Name
- systemd
- Purl
- purl:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed234-24.30.1
Ecosystem specific
{
"binaries": [
{
"systemd": "234-24.30.1",
"libsystemd0": "234-24.30.1",
"systemd-devel": "234-24.30.1",
"libudev-devel": "234-24.30.1",
"udev": "234-24.30.1",
"libudev1": "234-24.30.1",
"systemd-coredump": "234-24.30.1",
"libudev1-32bit": "234-24.30.1",
"systemd-32bit": "234-24.30.1",
"systemd-bash-completion": "234-24.30.1",
"libsystemd0-32bit": "234-24.30.1",
"systemd-container": "234-24.30.1",
"systemd-sysvinit": "234-24.30.1"
}
]
}