--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8434288a24
2019-02-22 03:12:58.368350
--------------------------------------------------------------------------------

Name        : systemd
Product     : Fedora 29
Version     : 239
Release     : 12.git8bca462.fc29
URL         : https://www.freedesktop.org/wiki/Software/systemd
Summary     : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts
the rest of the system. It provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux control groups, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname,
date, locale, maintain a list of logged-in users, system accounts,
runtime directories and settings, and daemons to manage simple network
configuration, network time synchronization, log forwarding, and name
resolution.

--------------------------------------------------------------------------------
Update Information:

- Prevent buffer overread in systemd-udevd
- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)

No need to log out or reboot.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-12.git8bca462
- Prevent buffer overread in systemd-udevd
- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
* Fri Feb  8 2019 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-11.git4dc7dce
- Revert one of the patches to reduce journald memory usage because of selinux
  troubles
* Thu Feb  7 2019 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-10.git4dc7dce
- Fix large memory usage by systemd-journald (#1665931)
- Some minor fixes to systemd-nspawn, udevadm, documentation and logging
* Fri Jan 25 2019 Adam Williamson awilliam@redhat.com - 239-9.gite339eae
- Requires(post) openssl-libs to fix live image build machine-id issue
  See: https://pagure.io/dusty/failed-composes/issue/960
* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-8.gite339eae
- systemd-journald and systemd-journal-remote reject entries which contain too
  many fields (CVE-2018-16865, #1664973) and set limits on the process' command
  line length (CVE-2018-16864, #1664972)
- Fix out-of-bounds read when parsing a crafted syslog message in
  systemd-journald (CVE-2018-16866, #1664975)
- A signal is again used to stop user sessions instead of dbus (#1664491)
* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-7.git9f3aed1
- Hibernation checks for resume= are rescinded (#1645870)
- Various patches:
  - memory issues in logind, networkd, journald (#1653068), sd-device, etc.
  - Adaptations for newer meson, lz4, kernel
  - Fixes for misleading bugs in documentation
  - net.ipv4.conf.all.rp_filter is changed from 1 to 2
* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 239-6.git9f3aed1
- Fix a local vulnerability from a race condition in chown-recursive
  (CVE-2018-15687, #1639076)
- Fix a local vulnerability from invalid handling of long lines in state
  deserialization (CVE-2018-15686, #1639071)
- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688,
  #1639067)
- The DHCP server is started only when link is UP
- DHCPv6 prefix delegation is improved
- Downgrade logging of various messages and add logging in other places
- Many many fixes in error handling and minor memory leaks and such
- Fix typos and omissions in documentation
- Typo in %_environmnentdir rpm macro is fixed (with backwards compatibility
  preserved)
- Matching by MACAddress= in systemd-networkd is fixed
- Creation of user runtime directories is improved, and the user manager is
  only stopped after 10 s after the user logs out (#1642460 and other bugs)
- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are
  switched back to use DynamicUser=0
- Aliases are now resolved when loading modules from pid1. This is a
  (redundant) fix for a brief kernel regression.
- "systemctl --wait start" exits immediately if no valid units are named
- zram devices are not considered as candidates for hibernation
- ECN is not requested for both in- and out-going connections (the sysctl
  override for net.ipv4.tcp_ecn is removed)
- Various smaller improvements to unit ordering and dependencies
- generators are now called with the manager's environment
- Handling of invalid (intentionally corrupt) dbus messages is improved,
  fixing potential local DOS avenues
- The target of symlinks in .wants/ and .requires/ is now ignored. This fixes
  an issue where the unit file would sometimes be loaded from such a symlink,
  leading to non-deterministic unit contents.
- Filtering of kernel threads is improved. This fixes an issue with newer
  kernels where hybrid kernel/user threads are used by bpfilter.
- "noresume" can be used on the kernel command line to force normal boot even
  if a hibernation image is present
- Hibernation is not advertised if resume= is not present on the kernel
  command line
- Hibernation/Suspend/... modes can be disabled using AllowSuspend=,
  AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
- The hashmap mempool is now only used internally in systemd, and is disabled
  for external users of the systemd libraries
- Additional state is serialized/deserialized when logind is restarted,
  fixing the handling of user objects
- Catalog entries for the journal are improved (#1639482)
- If suspend fails, the post-suspend hooks are still called.
- Various build issues on less-common architectures are fixed
* Wed Oct  3 2018 Jan Synáček jsynacek@redhat.com - 239-5
- Fix line_begins() to accept word matching full string (#1631840)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1678394 - CVE-2019-6454 systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1678394
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8434288a24' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------