--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-7322053e74
2019-04-29 01:40:59.966408
--------------------------------------------------------------------------------
Name : systemd
Product : Fedora 30
Version : 241
Release : 8.git9ef65cb.fc30
URL :
https://www.freedesktop.org/wiki/Software/systemd
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts
the rest of the system. It provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux control groups, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname,
date, locale, maintain a list of logged-in users, system accounts,
runtime directories and settings, and daemons to manage simple network
configuration, network time synchronization, log forwarding, and name
resolution.
This package was built from the 241-stable branch of systemd,
commit
https://github.com/systemd/systemd-stable/commit/9ef65cb.
--------------------------------------------------------------------------------
Update Information:
- Fix hang in flush_accept (#1702358) - Fix handling of RUN keys in udevd - Some
documentation and minor logging fixes - Backport the addition of
RestrictSUIDSGID= from systemd-242 and enable RestrictSUIDSGID=yes for systemd
services which use DynamicUser=yes (#1703356, CVE-2019-3843). The defaults
in v242 were changed to enable RestrictSUIDSGID=yes if DynamicUser=yes is
specified, but this backport doesn't do this and RestrictSUIDSGID=yes has to
be requested explicitly. Maintainers of other services packages for Fedora
should consider doing this. No need to log out or reboot.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 26 2019 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> -
241-8.git9ef65cb
- Fix hang in flush_accept (#1702358)
- Fix handling of RUN keys in udevd
- Some documentation and minor logging fixes
- Backport the addition of RestrictSUIDSGID= from systemd-242 and enable
RestrictSUIDSGID=yes for systemd services which use DynamicUser=yes
(#1703356, CVE-2019-3843).
The defaults in v242 were changed to enable RestrictSUIDSGID=yes if
DynamicUser=yes is specified, but this backport doesn't do this and
RestrictSUIDSGID=yes has to be requested explicitly. Maintainers of
other services packages for Fedora should consider doing this.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1703356 - CVE-2019-3843 systemd: services with DynamicUser can create
SUID/SGID binaries [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1703356
[ 2 ] Bug #1702358 - Booting ends in shutdown
https://bugzilla.redhat.com/show_bug.cgi?id=1702358
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-7322053e74' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------