--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-c402eea18b
2018-11-01 15:05:49.865523
--------------------------------------------------------------------------------
Name : systemd
Product : Fedora 29
Version : 239
Release : 6.git9f3aed1.fc29
URL :
http://www.freedesktop.org/wiki/Software/systemd
Summary : System and Service Manager
Description :
systemd is a system and service manager that runs as PID 1 and starts
the rest of the system. It provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux control groups, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. systemd supports SysV and LSB init scripts and works as a
replacement for sysvinit. Other parts of this package are a logging daemon,
utilities to control basic system configuration like the hostname,
date, locale, maintain a list of logged-in users and running
containers and virtual machines, system accounts, runtime directories
and settings, and daemons to manage simple network configuration,
network time synchronization, log forwarding, and name resolution.
--------------------------------------------------------------------------------
Update Information:
- Fix a local vulnerability from a race condition in chown-recursive
(CVE-2018-15687, #1639076) - Fix a local vulnerability from invalid handling of
long lines in state deserialization (CVE-2018-15686, #1639071) - Fix a remote
vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067) - The
DHCP server is started only when link is UP - DHCPv6 prefix delegation is
improved - Downgrade logging of various messages and add loging in other places
- Many many fixes in error handling and minor memory leaks and such - Fix typos
and omissions in documentation - Typo in %%_environmnentdir rpm macro is fixed
(with backwards compatiblity preserved) - Matching by MACAddress= in systemd-
networkd is fixed - Creation of user runtime directories is improved, and the
user manager is only stopped after 10 s after the user logs out (#1642460 and
other bugs) - systemd units systemd-timesyncd, systemd-resolved, systemd-
networkd are switched back to use DynamicUser=0 - Aliases are now resolved when
loading modules from pid1. This is a (redundant) fix for a brief kernel
regression. - "systemctl --wait start" exits immediately if no valid units are
named - zram devices are not considered as candidates for hibernation - ECN is
not requested for both in- and out-going connections (the sysctl overide for
net.ipv4.tcp_ecn is removed) - Various smaller improvements to unit ordering and
dependencies - generators are now called with the manager's environment -
Handling of invalid (intentionally corrupt) dbus messages is improved, fixing
potential local DOS avenues - The target of symlinks links in .wants/ and
.requires/ is now ignored. This fixes an issue where the unit file would
sometimes be loaded from such a symlink, leading to non-deterministic unit
contents. - Filtering of kernel threads is improved. This fixes an issues with
newer kernels where hybrid kernel/user threads are used by bpfilter. -
"noresume" can be used on the kernel command line to force normal boot even if
a
hibernation images is present - Hibernation is not advertised if resume= is not
present on the kernenl command line - Hibernation/Suspend/... modes can be
disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=,
AllowHybridSleep= - LOGO= and DOCUMENTATION_URL= are documented for the os-
release file - The hashmap mempool is now only used internally in systemd, and
is disabled for external users of the systemd libraries - Additional state is
serialized/deserialized when logind is restarted, fixing the handling of user
objects - Catalog entries for the journal are improved (#1639482) - If suspend
fails, the post-suspend hooks are still called. - Various build issues on less-
common architectures are fixed No need to reboot or log out.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> -
239-6.git9f3aed1
- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687,
#1639076)
- Fix a local vulnerability from invalid handling of long lines in state deserialization
(CVE-2018-15686, #1639071)
- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
- The DHCP server is started only when link is UP
- DHCPv6 prefix delegation is improved
- Downgrade logging of various messages and add loging in other places
- Many many fixes in error handling and minor memory leaks and such
- Fix typos and omissions in documentation
- Typo in %_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
- Matching by MACAddress= in systemd-networkd is fixed
- Creation of user runtime directories is improved, and the user
manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to
use DynamicUser=0
- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a
brief kernel regression.
- "systemctl --wait start" exits immediately if no valid units are named
- zram devices are not considered as candidates for hibernation
- ECN is not requested for both in- and out-going connections (the sysctl overide for
net.ipv4.tcp_ecn is removed)
- Various smaller improvements to unit ordering and dependencies
- generators are now called with the manager's environment
- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential
local DOS avenues
- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an
issue where
the unit file would sometimes be loaded from such a symlink, leading to
non-deterministic unit contents.
- Filtering of kernel threads is improved. This fixes an issues with newer kernels where
hybrid kernel/user
threads are used by bpfilter.
- "noresume" can be used on the kernel command line to force normal boot even if
a hibernation images is present
- Hibernation is not advertised if resume= is not present on the kernenl command line
- Hibernation/Suspend/... modes can be disabled using AllowSuspend=,
AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
- The hashmap mempool is now only used internally in systemd, and is disabled for external
users of the systemd libraries
- Additional state is serialized/deserialized when logind is restarted, fixing the
handling of user objects
- Catalog entries for the journal are improved (#1639482)
- If suspend fails, the post-suspend hooks are still called.
- Various build issues on less-common architectures are fixed
* Wed Oct 3 2018 Jan Syn����ek <jsynacek(a)redhat.com> - 239-5
- Fix line_begins() to accept word matching full string (#1631840)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639067 - CVE-2018-15688 systemd: Out-of-bounds heap write in
systemd-networkd dhcpv6 option handling
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
[ 2 ] Bug #1639071 - CVE-2018-15686 systemd: Line splitting via fgets() allows for state
injection during daemon-reexec
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
[ 3 ] Bug #1639076 - CVE-2018-15687 systemd: Dereference of symlinks in
chown_recursive.c:chown_one() allows for modification of file privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-c402eea18b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------