Detections
Analytics

openSUSE Security Update : systemd (openSUSE-2018-117)

high Nessus Plugin ID 106548

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for systemd fixes several issues.

This security issue was fixed :

 - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308).

These non-security issues were fixed :

 - core: don't choke if a unit another unit triggers vanishes during reload

 - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX

 - delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428)

 - delta: check if a prefix needs to be skipped only once

 - delta: skip symlink paths when split-usr is enabled (#4591)

 - sysctl: use raw file descriptor in sysctl_write (#7753)

 - sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254)

 - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case:
 '/dev/disk/by-id/cr_-xxx'.

 - sysctl: disable buffer while writing to /proc (bsc#1071558)

 - Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558)

 - sysctl: no need to check for eof twice

 - def: add new constant LONG_LINE_MAX

 - fileio: add new helper call read_line() as bounded getline() replacement

 - service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156)

 - gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)

 - gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422)

 - fstab-util: introduce fstab_has_fstype() helper

 - fstab-generator: ignore root=/dev/nfs (#3591)

 - fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452)

 - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510)

 - analyze: replace --no-man with --man=no in the man page (bsc#1068251)

 - udev: net_setup_link: don't error out when we couldn't apply link config (#7328)

 - Add missing /etc/systemd/network directory

 - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510)

 - sd-bus: use -- when passing arguments to ssh (#6706)

 - systemctl: make sure we terminate the bus connection first, and then close the pager (#3550)

 - sd-bus: bump message queue size (bsc#1075724)

 - tmpfiles: downgrade warning about duplicate line

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected systemd packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1048510

https://bugzilla.opensuse.org/show_bug.cgi?id=1065276

https://bugzilla.opensuse.org/show_bug.cgi?id=1066156

https://bugzilla.opensuse.org/show_bug.cgi?id=1068251

https://bugzilla.opensuse.org/show_bug.cgi?id=1070428

https://bugzilla.opensuse.org/show_bug.cgi?id=1071558

https://bugzilla.opensuse.org/show_bug.cgi?id=1074254

https://bugzilla.opensuse.org/show_bug.cgi?id=1075724

https://bugzilla.opensuse.org/show_bug.cgi?id=1076308

https://bugzilla.opensuse.org/show_bug.cgi?id=897422

Plugin Details

Severity: High

ID: 106548

File Name: openSUSE-2018-117.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2/1/2018

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:systemd-debuginfo, p-cpe:/a:novell:opensuse:nss-myhostname-32bit, p-cpe:/a:novell:opensuse:systemd-mini, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo-32bit, p-cpe:/a:novell:opensuse:libudev-mini1-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-sysvinit, p-cpe:/a:novell:opensuse:nss-myhostname, p-cpe:/a:novell:opensuse:libudev1-debuginfo-32bit, p-cpe:/a:novell:opensuse:systemd-mini-debugsource, p-cpe:/a:novell:opensuse:libsystemd0, p-cpe:/a:novell:opensuse:libudev-devel, p-cpe:/a:novell:opensuse:systemd-mini-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libudev1-debuginfo, p-cpe:/a:novell:opensuse:libsystemd0-debuginfo, p-cpe:/a:novell:opensuse:nss-mymachines-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-bash-completion, p-cpe:/a:novell:opensuse:systemd-debugsource, p-cpe:/a:novell:opensuse:libsystemd0-32bit, p-cpe:/a:novell:opensuse:nss-mymachines, p-cpe:/a:novell:opensuse:systemd-sysvinit, p-cpe:/a:novell:opensuse:udev, p-cpe:/a:novell:opensuse:udev-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini-debuginfo, p-cpe:/a:novell:opensuse:systemd-logger, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:libudev-mini-devel, p-cpe:/a:novell:opensuse:udev-mini, p-cpe:/a:novell:opensuse:libudev1-32bit, p-cpe:/a:novell:opensuse:systemd-devel, p-cpe:/a:novell:opensuse:libudev-mini1, p-cpe:/a:novell:opensuse:systemd, p-cpe:/a:novell:opensuse:udev-debuginfo, p-cpe:/a:novell:opensuse:systemd-32bit, p-cpe:/a:novell:opensuse:libsystemd0-mini, p-cpe:/a:novell:opensuse:libudev1, p-cpe:/a:novell:opensuse:nss-myhostname-debuginfo, p-cpe:/a:novell:opensuse:systemd-mini-devel, p-cpe:/a:novell:opensuse:systemd-bash-completion

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/31/2018

Reference Information

CVE: CVE-2017-15908, CVE-2018-1049