--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-24bd6c9d4a
2018-11-04 22:07:59.808330
--------------------------------------------------------------------------------
Name : systemd
Product : Fedora 28
Version : 238
Release : 10.git438ac26.fc28
URL : http://www.freedesktop.org/wiki/Software/systemd
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts
the rest of the system. It provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux control groups, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname,
date, locale, maintain a list of logged-in users and running
containers and virtual machines, system accounts, runtime directories
and settings, and daemons to manage simple network configuration,
network time synchronization, log forwarding, and name resolution.
--------------------------------------------------------------------------------
Update Information:
- Fix a local vulnerability from a race condition in chown-recursive
  (CVE-2018-15687, #1643367)
- Fix a local vulnerability from invalid handling of long lines in state
  deserialization (CVE-2018-15686, #1643372)
- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688,
  #1643362)
- Downgrade logging of various messages and add logging in other places
- Many many fixes in error handling and minor memory leaks and such
- Fix typos and omissions in documentation
- Various smaller improvements to unit ordering and dependencies
- Handling of invalid (intentionally corrupt) dbus messages is improved,
  fixing potential local DoS avenues
- The target of symlinks in .wants/ and .requires/ is now ignored. This fixes
  an issue where the unit file would sometimes be loaded from such a symlink,
  leading to non-deterministic unit contents.
- Filtering of kernel threads is improved. This fixes an issue with newer
  kernels where hybrid kernel/user threads are used by bpfilter.
- Catalog entries for the journal are improved (#1639482)

No need to reboot or log out.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 238-10.git438ac26
- Fix a local vulnerability from a race condition in chown-recursive
  (CVE-2018-15687, #1643367)
- Fix a local vulnerability from invalid handling of long lines in state
  deserialization (CVE-2018-15686, #1643372)
- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362)
- Downgrade logging of various messages and add logging in other places
- Many many fixes in error handling and minor memory leaks and such
- Fix typos and omissions in documentation
- Various smaller improvements to unit ordering and dependencies
- Handling of invalid (intentionally corrupt) dbus messages is improved,
  fixing potential local DoS avenues
- The target of symlinks in .wants/ and .requires/ is now ignored. This fixes
  an issue where the unit file would sometimes be loaded from such a symlink,
  leading to non-deterministic unit contents.
- Filtering of kernel threads is improved. This fixes an issue with newer
  kernels where hybrid kernel/user threads are used by bpfilter.
- Catalog entries for the journal are improved (#1639482)
* Wed Jul 18 2018 Terje Rosten <terje.rosten(a)ntnu.no> - 238-9.git0e0aa59
- Ignore return value from systemd-binfmt in scriptlet (#1565425)
* Fri May 11 2018 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 238-8.git0e0aa59
- Backport a number of patches (documentation, hwdb updates)
- Fixes for tmpfiles 'e' entries
- systemd-networkd crashes
- XEN virtualization detection on hyper-v
- Avoid relabelling /sys/fs/cgroup if not needed (#1576240)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639482 - journalctl reports a totally useless ' The start-up result is
RESULT.' and "Failed with result 'exit-code'.
https://bugzilla.redhat.com/show_bug.cgi?id=1639482
[ 2 ] Bug #1643362 - CVE-2018-15688 systemd: Out-of-bounds heap write in
systemd-networkd dhcpv6 option handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1643362
[ 3 ] Bug #1643372 - CVE-2018-15686 systemd: Line splitting via fgets() allows for state
injection during daemon-reexec [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1643372
[ 4 ] Bug #1643367 - CVE-2018-15687 systemd: Dereference of symlinks in
chown_recursive.c:chown_one() allows for modification of file privileges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1643367
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-24bd6c9d4a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------