Detections
Analytics

openSUSE Security Update : systemd (openSUSE-2017-806)

high Nessus Plugin ID 101516

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for systemd fixes the following issues :

Security issue fixed :

 - CVE-2017-9217: resolved: Fix NULL pointer p->question dereferencing that could lead to resolved aborting (bsc#1040614)

The update also fixed several non-security bugs :

 - core/mount: Use the '-c' flag to not canonicalize paths when calling /bin/umount

 - automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942)

 - automount: Rework propagation between automount and mount units

 - build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary

 - build: Fix systemd-journal-upload installation

 - basic: Detect XEN Dom0 as no virtualization (bsc#1036873)

 - virt: Make sure some errors are not ignored

 - fstab-generator: Do not skip Before= ordering for noauto mountpoints

 - fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec

 - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)

 - fstab-generator: Apply the _netdev option also to device units (bsc#1004995)

 - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)

 - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)

 - rules: Export NVMe WWID udev attribute (bsc#1038865)

 - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives

 - rules: Add rules for NVMe devices

 - sysusers: Make group shadow support configurable (bsc#1029516)

 - core: When deserializing a unit, fully restore its cgroup state (bsc#1029102)

 - core: Introduce cg_mask_from_string()/cg_mask_to_string()

 - core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258)

 - Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files.

 - Disable group shadow support (bsc#1029516)

 - Only check signature job error if signature job exists (bsc#1043758)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected systemd packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1004995

https://bugzilla.opensuse.org/show_bug.cgi?id=1029102

https://bugzilla.opensuse.org/show_bug.cgi?id=1029516

https://bugzilla.opensuse.org/show_bug.cgi?id=1036873

https://bugzilla.opensuse.org/show_bug.cgi?id=1038865

https://bugzilla.opensuse.org/show_bug.cgi?id=1040258

https://bugzilla.opensuse.org/show_bug.cgi?id=1040614

https://bugzilla.opensuse.org/show_bug.cgi?id=1040942

https://bugzilla.opensuse.org/show_bug.cgi?id=1043758

https://bugzilla.opensuse.org/show_bug.cgi?id=982303

Plugin Details

Severity: High

ID: 101516

File Name: openSUSE-2017-806.nasl

Version: 3.4

Type: local

Agent: unix

Published: 7/13/2017

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:systemd-debuginfo, p-cpe:/a:novell:opensuse:nss-myhostname-32bit, p-cpe:/a:novell:opensuse:systemd-mini, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit, p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-sysvinit, p-cpe:/a:novell:opensuse:nss-myhostname, p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit, p-cpe:/a:novell:opensuse:systemd-mini-debugsource, p-cpe:/a:novell:opensuse:libsystemd0, p-cpe:/a:novell:opensuse:libudev-devel, p-cpe:/a:novell:opensuse:systemd-mini-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libudev1-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo, p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-bash-completion, p-cpe:/a:novell:opensuse:systemd-debugsource, p-cpe:/a:novell:opensuse:libsystemd0-32bit, p-cpe:/a:novell:opensuse:nss-mymachines, p-cpe:/a:novell:opensuse:systemd-sysvinit, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:udev, p-cpe:/a:novell:opensuse:udev-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-logger, p-cpe:/a:novell:opensuse:libudev-mini-devel, p-cpe:/a:novell:opensuse:udev-mini, p-cpe:/a:novell:opensuse:libudev1-32bit, p-cpe:/a:novell:opensuse:systemd-devel, p-cpe:/a:novell:opensuse:libudev-mini1, p-cpe:/a:novell:opensuse:systemd, p-cpe:/a:novell:opensuse:udev-debuginfo, p-cpe:/a:novell:opensuse:systemd-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini, p-cpe:/a:novell:opensuse:libudev1, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-devel, p-cpe:/a:novell:opensuse:systemd-bash-completion

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/12/2017

Reference Information

CVE: CVE-2017-9217