--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8a7dfdf1f3
2019-09-19 01:51:58.382305
--------------------------------------------------------------------------------
Name : systemd
Product : Fedora 29
Version : 239
Release : 14.git33ccd62.fc29
URL : https://www.freedesktop.org/wiki/Software/systemd
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts
the rest of the system. It provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux control groups, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname,
date, locale, maintain a list of logged-in users, system accounts,
runtime directories and settings, and daemons to manage simple network
configuration, network time synchronization, log forwarding, and name
resolution.
--------------------------------------------------------------------------------
Update Information:
- Security issue: unprivileged users were allowed to change DNS servers
  configured in systemd-resolved (CVE-2019-15718)
- hwdb entries for keyboards are updated to the latest version (#1725717)

No need to log out or reboot.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 3 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-14.git33ccd62
- Security issue: unprivileged users were allowed to change DNS
servers configured in systemd-resolved.
- hwdb entries for keyboards are updated to the latest version (#1725717)
* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-13.gitf4afb95
- Fix systemd-mount with CIFS (#1708996)
- Minor build and documentation fixes
- Fix udev rule for Parallels video adapter (#1712842)
* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-12.git8bca462
- Prevent buffer overread in systemd-udevd
- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
* Fri Feb 8 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-11.git4dc7dce
- Revert one of the patches to reduce journald memory usage because of selinux troubles
* Thu Feb 7 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-10.git4dc7dce
- Fix large memory usage by systemd-journald (#1665931)
- Some minor fixes to systemd-nspawn, udevadm, documentation and logging
* Fri Jan 25 2019 Adam Williamson <awilliam(a)redhat.com> - 239-9.gite339eae
- Requires(post) openssl-libs to fix live image build machine-id issue
See: https://pagure.io/dusty/failed-composes/issue/960
* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-8.gite339eae
- systemd-journald and systemd-journal-remote reject entries which
contain too many fields (CVE-2018-16865, #1664973) and set limits on the
process' command line length (CVE-2018-16864, #1664972)
- Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald
(CVE-2018-16866, #1664975)
- A signal is again used to stop user sessions instead of dbus (#1664491)
* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-7.git9f3aed1
- Hibernation checks for resume= are rescinded (#1645870)
- Various patches:
- memory issues in logind, networkd, journald (#1653068), sd-device, etc.
- Adaptations for newer meson, lz4, kernel
- Fixes for misleading bugs in documentation
- net.ipv4.conf.all.rp_filter is changed from 1 to 2
* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 239-6.git9f3aed1
- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687,
#1639076)
- Fix a local vulnerability from invalid handling of long lines in state deserialization
(CVE-2018-15686, #1639071)
- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
- The DHCP server is started only when link is UP
- DHCPv6 prefix delegation is improved
- Downgrade logging of various messages and add logging in other places
- Many many fixes in error handling and minor memory leaks and such
- Fix typos and omissions in documentation
- Typo in %_environmnentdir rpm macro is fixed (with backwards compatibility preserved)
- Matching by MACAddress= in systemd-networkd is fixed
- Creation of user runtime directories is improved, and the user
manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to
use DynamicUser=0
- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a
brief kernel regression.
- "systemctl --wait start" exits immediately if no valid units are named
- zram devices are not considered as candidates for hibernation
- ECN is not requested for both in- and out-going connections (the sysctl override for
net.ipv4.tcp_ecn is removed)
- Various smaller improvements to unit ordering and dependencies
- generators are now called with the manager's environment
- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential
local DOS avenues
- The target of symlinks in .wants/ and .requires/ is now ignored. This fixes an
issue where the unit file would sometimes be loaded from such a symlink, leading to
non-deterministic unit contents.
- Filtering of kernel threads is improved. This fixes an issue with newer kernels where
hybrid kernel/user threads are used by bpfilter.
- "noresume" can be used on the kernel command line to force normal boot even if
a hibernation image is present
- Hibernation is not advertised if resume= is not present on the kernel command line
- Hibernation/Suspend/... modes can be disabled using AllowSuspend=,
AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
- The hashmap mempool is now only used internally in systemd, and is disabled for external
users of the systemd libraries
- Additional state is serialized/deserialized when logind is restarted, fixing the
handling of user objects
- Catalog entries for the journal are improved (#1639482)
- If suspend fails, the post-suspend hooks are still called.
- Various build issues on less-common architectures are fixed
* Wed Oct 3 2018 Jan Synáček <jsynacek(a)redhat.com> - 239-5
- Fix line_begins() to accept word matching full string (#1631840)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1725717 - Update 60-keyboard.hwdb to the latest upstream version
https://bugzilla.redhat.com/show_bug.cgi?id=1725717
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8a7dfdf1f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------