ELSA-2016-2610
- ULN >
- Oracle Linux Errata repository >
- ELSA-2016-2610
ELSA-2016-2610 - systemd security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2016-11-09 |
Description
[219-30.0.1.3]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- rules: load sg module (#1223340)
- run: drop mistakenly committed test code (#1220272)
- cgroup: downgrade log messages when we cannot write to cgroup trees that are mounted read-only (#1220298)
- Revert 'conditionalize hardening away on s390(x)'
- Revert 'units: fix BindsTo= logic when applied relative to services with Type=oneshot' (#1203803)
- shared/install: avoid prematurely rejecting 'missing' units (#1199981)
- core: fix enabling units via their absolute paths (#1199981)
[219-30.3]
- mtd_probe: add include for stdint (#1381573)
[219-30.2]
- manager: 219 needs u->id in log_unit_debug (#1381573)
[219-30.1]
- If the notification message length is 0, ignore the message (#4237) (#1381573)
- systemctl: suppress errors with 'show' for nonexistent units and properties (#1380686)
- 40-redhat.rules: disable auto-online of hot-plugged memory on IBM z Systems (#1381123)
- pid1: don't return any error in manager_dispatch_notify_fd() (#4240) (#1381573)
- pid1: process zero-length notification messages again (#1381573)
- pid1: more informative error message for ignored notifications (#1381573)
[219-30]
- systemctl,pid1: do not warn about missing install info with 'preset' (#1373950)
- systemctl/core: ignore masked units in preset-all (#1375097)
- shared/install: handle dangling aliases as an explicit case, report nicely (#1375097)
- shared/install: ignore unit symlinks when doing preset-all (#1375097)
- 40-redhat.rules: don't hoplug memory on s390x (#1370161)
[219-29]
- fix gcc warnings about uninitialized variables (#1318994)
- journalctl: rework code that checks whether we have access to /var/log/journal (#1318994)
- journalctl: Improve boot ID lookup (#1318994)
- journalctl: only have a single exit path from main() (#1318994)
- journalctl: free all command line argument objects (#1318994)
- journalctl: rename boot_id_t to BootId (#1318994)
- util: introduce CMSG_FOREACH() macro and make use of it everywhere (#1318994)
- journald: don't employ inner loop for reading from incoming sockets (#1318994)
- journald: fix count of object meta fields (#1318994)
- journal-cat: return a correct error, not -1 (#1318994)
- journalctl: introduce short options for --since and --until (#1318994)
- journal: s/Envalid/Invalid/ (#1318994)
- journald: dispatch SIGTERM/SIGINT with a low priority (#1318994)
- lz4: fix size check which had no chance of working on big-endian (#1318994)
- journal: normalize priority of logging sources (#1318994)
- Fix miscalculated buffer size and uses of size-unlimited sprintf() function. (#1318994)
- journal: Drop monotonicity check when appending to journal file (#1318994)
- journalctl: unify how we free boot id lists a bit (#1318994)
- journalctl: don't trust the per-field entry tables when looking for boot IDs (#1318994)
- units: remove udev control socket when systemd stops the socket unit (#49) (#1370133)
- logind: don't assert if the slice is missing (#1371437)
- core: enable transient unit support for slice units (#1370299)
- sd-bus: bump message queue size (#1371205)
- install: fix disable when /etc/systemd/system is a symlink (#1285996)
- rules: add NVMe rules (#3136) (#1274651)
- rules: introduce disk/by-id (model_serial) symlinks for NVMe drives (#3974) (#1274651)
- rules: fix for possible whitespace in the 'model' attribute (#1274651)
[219-27]
- tmpfiles: enforce ordering when executing lines (#1365870)
- Introduce bus_unit_check_load_state() helper (#1256858)
- core: use bus_unit_check_load_state() in transaction_add_job_and_dependencies() (#1256858)
- udev/path_id: correct segmentation fault due to missing NULL check (#1365556)
- rules: load sg driver also when scsi_target appears (#45) (#1322773)
[219-26]
- install: do not crash when processing empty (masked) unit file (#1159308)
- Revert 'install: fix disable via unit file path' (#1348208)
- systemctl: allow disable on the unit file path, but warn about it (#3806) (#1348208)
[219-25]
- units: increase watchdog timeout to 3min for all our services (#1267707)
- core: bump net.unix.max_dgram_qlen really early during boot (#1267707)
- core: fix priority ordering in notify-handling (#1267707)
- tests: fix personality tests on ppc64 and aarch64 (#1361049)
- systemctl: consider service running only when it is in active or reloading state (#3874) (#1362461)
[219-24]
- manager: don't skip sigchld handler for main and control pid for services (#3738) (#1342173)
[219-23]
- udevadm: explicitly relabel /etc/udev/hwdb.bin after rename (#1350756)
- systemctl: return diffrent error code if service exist or not (#3385) (#1047466)
- systemctl: Replace init script error codes with enum (#3400) (#1047466)
- systemctl: rework 'systemctl status' a bit (#1047466)
- journal-verify: don't hit SIGFPE when determining progress (#1350232)
- journal: avoid mapping empty data and field hash tables (#1350232)
- journal: when verifying journal files, handle empty ones nicely (#1350232)
- journal: explain the error when we find a non-DATA object that is compressed (#1350232)
- journalctl: properly detect empty journal files (#1350232)
- journal: uppercase first character in verify error messages (#1350232)
- journalctl: make sure 'journalctl -f -t unmatched' blocks (#1350232)
- journalctl: don't print -- No entries -- in quiet mode (#1350232)
- sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#1342173)
- manager: Only invoke a single sigchld per unit within a cleanup cycle (#1342173)
- manager: Fixing a debug printf formatting mistake (#1342173)
- core: support IEC suffixes for RLIMIT stuff (#1351415)
- core: accept time units for time-based resource limits (#1351415)
- time-util: add parse_time(), which is like parse_sec() but allows specification of default time unit if none is specified (#1351415)
- core: support
- core: fix rlimit parsing (#1351415)
- core: dump rlim_cur too (#1351415)
- install: fix disable via unit file path (#1348208)
[219-22]
- nspawn: when connected to pipes for stdin/stdout, pass them as-is to PID 1 (#1307080)
- mount: remove obsolete -n (#1339721)
- core: don't log job status message in case job was effectively NOP (#3199) (#1280014)
- core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification (#1305608)
- logind: process session/inhibitor fds at higher priority (#1305608)
- Teach bus_append_unit_property_assignment() about 'Delegate' property (#1337922)
- sd-netlink: fix deep recursion in message destruction (#1330593)
- add REMOTE_ADDR and REMOTE_PORT for Accept=yes (#1341154)
- core: don't dispatch load queue when setting Slice= for transient units (#1343904)
- run: make --slice= work in conjunction with --scope (#1343904)
- myhostname: fix timeout if ipv6 is disabled (#1330973)
- readahead: do not increase nr_requests for root fs block device (#1314559)
- manager: reduce complexity of unit_gc_sweep (#3507) (#1344556)
- hwdb: selinuxify a bit (#3460) (#1343648)
[219-21]
- path_id: reintroduce by-path links for virtio block devices (#952567)
- journal: fix error handling when compressing journal objects (#1292447)
- journal: irrelevant coding style fixes (#1292447)
- install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data (#1159308)
- core: look for instance when processing template name (#1159308)
- core: improve error message when starting template without instance (#1142369)
- man/tmpfiles.d: add note about permissions and ownership of symlinks (#1296288)
- tmpfiles: don't follow symlinks when adjusting ACLs, fille attributes, access modes or ownership (#1296288)
- udev: filter out non-sensically high onboard indexes reported by the kernel (#1230210)
- test-execute: add tests for RuntimeDirectory (#1324826)
- core: fix group ownership when Group is set (#1324826)
- fstab-generator: cescape device name in root-fsck service (#1306126)
- core: add new RandomSec= setting for time units (#1305279)
- core: rename Random* to RandomizedDelay* (#1305279)
- journal-remote: change owner of /var/log/journal/remote and create /var/lib/systemd/journal-upload (#1327303)
- Add Seal option in the configuration file for journald-remote (#1329233)
- tests: fix make check failure (#1159308)
- device: make sure to not ignore re-plugged device (#1332606)
- device: Ensure we have sysfs path before comparing. (#1332606)
- core: fix memory leak on set-default, enable, disable etc (#1331667)
- nspawn: fix minor memory leak (#1331667)
- basic: fix error/memleak in socket-util (#1331667)
- core: fix memory leak in manager_run_generators() (#1331667)
- modules-load: fix memory leak (#1331667)
- core: fix memory leak on failed preset-all (#1331667)
- sd-bus: fix memory leak in test-bus-chat (#1331667)
- core: fix memory leak in transient units (#1331667)
- bus: fix leak in error path (#1331667)
- shared/logs-show: fix memleak in add_matches_for_unit (#1331667)
- logind: introduce LockedHint and SetLockedHint (#3238) (#1335499)
- import: use the old curl api (#1284974)
- importd: drop dkr support (#1284974)
- import: add support for gpg2 for verifying imported images (#1284974)
[219-20]
- run: synchronously wait until the scope unit we create is started (#1272368)
- device: rework how we enter tentative state (#1283579)
- core: Do not bind a mount unit to a device, if it was from mountinfo (#1283579)
- logind: set RemoveIPC=no by default (#1284588)
- sysv-generator: follow symlinks in /etc/rc.d/init.d (#1285492)
- sysv-generator test: always log to console (#1279034)
- man: RemoveIPC is set to no on rhel (#1284588)
- Avoid /tmp being mounted as tmpfs without the user's will (#1298109)
- test sysv-generator: Check for network-online.target. (#1279034)
- arm/aarch64: detect-virt: check dmi (#1278165)
- detect-virt: dmi: look for KVM (#1278165)
- Revert 'journald: turn ForwardToSyslog= off by default' (#1285642)
- terminal-util: when resetting terminals, don't wait for carrier (#1266745)
- basic/terminal-util: introduce SYSTEMD_COLORS environment variable (#1247963)
- ask-password: don't abort when message is missing (#1261136)
- sysv-generator: do not join dependencies on one line, split them (#1288600)
- udev: fibre channel: fix NPIV support (#1266934)
- ata_id: unreverse WWN identifier (#1273306)
- Fixup WWN bytes for big-endian systems (#1273306)
- sd-journal: introduce has_runtime_files and has_persistent_files (#1082179)
- journalctl: improve error messages when the specified boot is not found (#1082179)
- journalctl: show friendly info when using -b on runtime journal only (#1082179)
- journalctl: make 'journalctl /dev/sda' work (#947636)
- journalctl: add match for the current boot when called with devpath (#947636)
- man: clarify what happens when journalctl is called with devpath (#947636)
- core: downgrade warning about duplicate device names (#1296249)
- udev: downgrade a few warnings to debug messages (#1289461)
- man: LEVEL in systemd-analyze set-log level is not optional (#1268336)
- Revert 'udev: fibre channel: fix NPIV support' (#1266934)
- udev: path-id: fibre channel NPIV - use fc_vport's port_name (#1266934)
- systemctl: is-active/failed should return 0 if at least one unit is in given state (#1254650)
- rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#1312011)
- s390: add personality support (#1300344)
- socket_address_listen - do not rely on errno (#1316452)
Related CVEs
| CVE-2016-7795 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (x86_64) | systemd-219-30.0.1.el7_3.3.src.rpm | 1add020136aabee45c17d0673be54d50 | ELBA-2021-9263 |
| libgudev1-219-30.0.1.el7_3.3.i686.rpm | 03c0f9c398c32ebc4db4e177d8b3f8ad | ELBA-2021-9263 | |
| libgudev1-219-30.0.1.el7_3.3.x86_64.rpm | 9be2b597fc8de6f313c8db39ddc1bb2a | ELBA-2021-9263 | |
| libgudev1-devel-219-30.0.1.el7_3.3.i686.rpm | 092d9371802aacdacc2c9ada76ce7cfc | ELBA-2021-9263 | |
| libgudev1-devel-219-30.0.1.el7_3.3.x86_64.rpm | 18ff86a04233f7032ce33334722dbe4d | ELBA-2021-9263 | |
| systemd-219-30.0.1.el7_3.3.x86_64.rpm | 91c744b1f4ad7a7fac9b644312d0e03f | ELBA-2021-9263 | |
| systemd-devel-219-30.0.1.el7_3.3.i686.rpm | 3cbe05a48173d17017677c1b0845d8b5 | ELBA-2021-9263 | |
| systemd-devel-219-30.0.1.el7_3.3.x86_64.rpm | 2f918fbcbc4641e3d9b79b091e6d42f5 | ELBA-2021-9263 | |
| systemd-journal-gateway-219-30.0.1.el7_3.3.x86_64.rpm | 10a6f87a0bbe10e95401b9bab4e14ef1 | ELBA-2021-9263 | |
| systemd-libs-219-30.0.1.el7_3.3.i686.rpm | a62c2c172eff9da3ba895285f11ff69b | ELBA-2021-9263 | |
| systemd-libs-219-30.0.1.el7_3.3.x86_64.rpm | 094cfbe18e11dbed4116b3f18d171beb | ELBA-2021-9263 | |
| systemd-networkd-219-30.0.1.el7_3.3.x86_64.rpm | c5ed579cf2e824f9730a49203741cbc2 | ELBA-2021-9263 | |
| systemd-python-219-30.0.1.el7_3.3.x86_64.rpm | 6a4eef3ae5370491a4b085a59110e92e | ELBA-2021-9263 | |
| systemd-resolved-219-30.0.1.el7_3.3.i686.rpm | c22050a42db44717f0e690126e4b458c | ELBA-2021-9263 | |
| systemd-resolved-219-30.0.1.el7_3.3.x86_64.rpm | aa35a4d86b28388e55402c6b6975ee40 | ELBA-2021-9263 | |
| systemd-sysv-219-30.0.1.el7_3.3.x86_64.rpm | 5848235dcb7f90657f77ba61b3036236 | ELBA-2021-9263 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
