ELSA-2019-2091

ELSA-2019-2091 - systemd security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2019-08-13

Description


[219-67.0.1]
- do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896]
- OL7 udev rule for virtio net standby interface [Orabug: 28826743]
- fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com)
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]

[219-67]
- fix mis-merge (#1714503)
- fs-util: chase_symlinks(): prevent double fre (#1714782)

[219-66]
- sd-bus: unify three code-paths which free struct bus_container (#1643394)
- hashmap: dont use mempool (#1609349)
- man: be more explicit about thread safety of sd_journal (#1609349)
- selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1240730)

[219-65]
- backport fd_is_fs_type (#1663143)
- backport chase_symlinks (#1663143)
- fs-util: add new CHASE_SAFE flag to chase_symlinks() (#1663143)
- fs-util: add new chase_symlinks() flag CHASE_OPEN (#1663143)
- sd-dameon: also sent ucred when our UID differs from EUID (#1663143)
- notify: add new --uid= command (#1663143)
- core: be stricter when handling PID files and MAINPID sd_notify() messages (#1663143)
- journald: respect KeepFree= as well as MaxUse= values (#1361893)
- shutdown: in_container was used before its definition (#1693716)
- core: Fix edge case when processing /proc/self/mountinfo (#1691511)
- sd-bus: deal with cookie overruns (#1693559)
- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667871)
- Allocate temporary strings to hold dbus paths on the heap (#1667871)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871)
- udev: check if the spawned PID didnt exit after reaping unexpected PID (#1697909)
- udev: call poll() again after killing the spawned process (#1697909)
- udev: check age against both timeouts to prevent integer wraparound (#1697909)
- avoid possible hang if our child process hangs (#1697909)
- missing: when adding syscall replacements, use different names (#1694605)
- include sys/sysmacros.h in more places (#1694605)

[219-64]
- detect-virt: do not try to read all of /proc/cpuinfo (#1631531)
- core: disable the effect of Restart= if theres a stop job pending for a service (#6581) (#1626382)
- networkd: respect DHCP UseRoutes option (#1663365)
- networkd: fix dhcp4 link without routes not being considered ready (#8728) (#1663365)
- networkd: dont crash when mtu changes (#6594) (#1663365)
- tmpfiles: 'e' takes globs (#1641764)
- tmpfiles: 'e' is supposed to operate on directory only (#1641764)
- tmpfiles: 'e' is supposed to accept shell-style globs (#1641764)
- bus-message: do not crash on message with a string of zero length (#1643396)
- Revert 'bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks' (#1643172)
- set automount state to waiting when the mount is stopped (#1651257)
- core: when deserializing state always use read_line(, LONG_LINE_MAX, ) (CVE-2018-15686)
- shorten hostname before checking for trailing dot (#1631625)
- journald: fixed assertion failure when system journal rotation fails (#9893) (#1619543)
- local-addresses: handle gracefully if routes lack an RTA_OIF attribute (#1627750)
- rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1666612)
- 6647 - use path_startswith('/dev') in cryptsetup (#6732) (#1664695)
- core: mount-setup: handle non-existing mountpoints gracefully (#1585411)
- units/rescue.service.in: fix announcement message (#1660422)
- systemctl: Allow 'edit' and 'cat' on unloaded units (#1649518)
- main: improve RLIMIT_NOFILE handling (#5795) (#1585913)
- shared/sleep-config: exclude zram devices from hibernation candidates (#1609816)
- journalctl: allow --file/--directory with --boot or --list-boots (#1463678)
- journalct: allow --boot=0 to DTRT with --file/--directory (#1463678)
- journal-remote: show error message if output file name does not end with .journal (bz#1267552)
- artificially serialize building of .policy files (#1272485)
- cryptsetup: add support for sector-size= option (#9936) (#1571801)
- cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990) (#1571801)
- journal: fix syslog_parse_identifier() (#1657794)
- journal: do not remove multiple spaces after identifier in syslog message (#1657794)
- tmpfiles: change ownership of symlinks too (#1620110)
- tmpfiles: fix check for figuring out whether to call chmod() (#1620110)
- shared/install: allow 'enable' on linked unit files (#1628575)

[219-63]
- dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688)
- journald: do not store the iovec entry for process commandline on stack (#1657788)
- journald: set a limit on the number of fields (1k) (#1657792)
- journal-remote: set a limit on the number of fields in a message (#1657792)
- journald: free cmdline buffers owned by iovec (#1666646)


Related CVEs


CVE-2018-15686
CVE-2018-16866
CVE-2018-16888

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) systemd-219-67.0.1.el7.src.rpm4435b5541d44d32f80961c40ded8b2be-
libgudev1-219-67.0.1.el7.aarch64.rpme78528bb5a98122d73c333126d8b32c4-
libgudev1-devel-219-67.0.1.el7.aarch64.rpm1aa58401594cb1a804a9d09ae6f3d668-
systemd-219-67.0.1.el7.aarch64.rpm0f2b1cf0e613fe584838d94cc5ef16c1-
systemd-devel-219-67.0.1.el7.aarch64.rpm012cebca997cc6f9df44ab122927559d-
systemd-journal-gateway-219-67.0.1.el7.aarch64.rpm7cd67337e57864e00ddcdf0f2d5d2618-
systemd-libs-219-67.0.1.el7.aarch64.rpm1c9a1ca042927301e6c84f162f0583bc-
systemd-networkd-219-67.0.1.el7.aarch64.rpmacffde820ac9749009f4eac57c8428b2-
systemd-python-219-67.0.1.el7.aarch64.rpm35f2ee0e8fa6c76f7bb24ba5b93653ca-
systemd-resolved-219-67.0.1.el7.aarch64.rpm270356a320ba890acb1e3b6f21363604-
systemd-sysv-219-67.0.1.el7.aarch64.rpm8aa60e4239450359eb2cd616dfededac-
Oracle Linux 7 (x86_64) systemd-219-67.0.1.el7.src.rpm4435b5541d44d32f80961c40ded8b2be-
libgudev1-219-67.0.1.el7.i686.rpmf4cc7315172cbbc7a86442e8d0bda9c0-
libgudev1-219-67.0.1.el7.x86_64.rpmef5af1de168e02eb917945fd0bbd5bdf-
libgudev1-devel-219-67.0.1.el7.i686.rpm991d7e4dbb7ad0ab389b3d27768de201-
libgudev1-devel-219-67.0.1.el7.x86_64.rpma796bd8cb6be2781c353d5c91f2a3231-
systemd-219-67.0.1.el7.x86_64.rpmca75321dc86aeed6677f9092fb9f0edd-
systemd-devel-219-67.0.1.el7.i686.rpm2a9b3dba67dc1f51f6e4e308ee5d612b-
systemd-devel-219-67.0.1.el7.x86_64.rpm0c291ead341a08695d34fdd2c6a622b4-
systemd-journal-gateway-219-67.0.1.el7.x86_64.rpm6b0bfd0bd64d967d00a82039c87eca54-
systemd-libs-219-67.0.1.el7.i686.rpm883639f79bcfcca2c25ae10e7ff93dc4-
systemd-libs-219-67.0.1.el7.x86_64.rpm0f1c028ec559f64136f84f27c210ed37-
systemd-networkd-219-67.0.1.el7.x86_64.rpm979cae6b96acc0887e0151dee80ab159-
systemd-python-219-67.0.1.el7.x86_64.rpm4181250fc312d10716f6e2d23e73ef45-
systemd-resolved-219-67.0.1.el7.i686.rpm90c3585dc2df23feb51da495f20c1b15-
systemd-resolved-219-67.0.1.el7.x86_64.rpm6dcfa95fb6b2a700ff5fdb425551d1b2-
systemd-sysv-219-67.0.1.el7.x86_64.rpmcd4fbeaaf0e10b71a341e01d8c7fbcd6-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete