ELSA-2019-3592
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-3592
ELSA-2019-3592 - systemd security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2019-11-14 |
Description
[239-18.0.1]
- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
[239-18]
- shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)
- sd-bus: adjust indentation of comments (#1746857)
- resolved: do not run loop twice (#1746857)
- resolved: allow access to Set*Link and Revert methods through polkit (#1746857)
- resolved: query polkit only after parsing the data (#1746857)
[239-17]
- mount: simplify /proc/self/mountinfo handler (#1696178)
- mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178)
- swap: scan /proc/swaps before processing waitid() results (#1696178)
- analyze-security: fix potential division by zero (#1734400)
[239-16]
- sd-bus: deal with cookie overruns (#1694999)
- journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849)
- journal: do not remove multiple spaces after identifier in syslog message (#1691817)
- cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153)
- cryptsetup: call crypt_load() for LUKS only once (#1719153)
- cryptsetup: Add LUKS2 token support. (#1719153)
- udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227)
- Change job mode of manager triggered restarts to JOB_REPLACE (#11456
- bash-completion: analyze: support 'security' (#1733395)
- man: note that journal does not validate syslog fields (#1707175)
- rules: skip memory hotplug on ppc64 (#1713159)
[239-15]
- tree-wide: shorten error logging a bit (#1697893)
- nspawn: simplify machine terminate bus call (#1697893)
- nspawn: merge two variable declaration lines (#1697893)
- nspawn: rework how we allocate/kill scopes (#1697893)
- unit: enqueue cgroup empty check event if the last ref on a unit is dropped (#1697893)
- Revert 'journal: remove journal audit socket' (#1699287)
- journal: dont enable systemd-journald-audit.socket by default (#1699287)
- logs-show: use grey color for de-emphasizing journal log output (#1695601)
- units: add [Install] section to tmp.mount (#1667065)
- nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS (#1691691)
- util.h: add new UNPROTECT_ERRNO macro (#1691691)
- nss: unportect errno before writing to NSS *errnop (#1691691)
- seccomp: reduce logging about failure to add syscall to seccomp (#1658691)
- format-table: when duplicating a cell, also copy the color (#1689832)
- format-table: optionally make specific cells clickable links (#1689832)
- format-table: before outputting a color, check if colors are available (#1689832)
- format-table: add option to store/format percent and uint64_t values in cells (#1689832)
- format-table: optionally allow reversing the sort order for a column (#1689832)
- format-table: add table_update() to update existing entries (#1689832)
- format-table: add an API for getting the cell at a specific row/column (#1689832)
- format-table: always underline header line (#1689832)
- format-table: add calls to query the data in a specific cell (#1689832)
- format-table: make sure we never call memcmp() with NULL parameters (#1689832)
- format-table: use right field for display (#1689832)
- format-table: add option to uppercase cells on display (#1689832)
- format-table: never try to reuse cells that have color/url/uppercase set (#1689832)
- locale-util: add logic to output smiley emojis at various happiness levels (#1689832)
- analyze: add new security verb (#1689832)
- tests: add a rudimentary fuzzer for server_process_syslog_message (#9979) (#1696224)
- journald: make it clear that dev_kmsg_record modifies the string passed to it (#1696224)
- journald: free the allocated memory before returning from dev_kmsg_record (#1696224)
- tests: rework the code fuzzing journald (#1696224)
- journald: make server_process_native_message compatible with fuzz_journald_processing_function (#1696224)
- tests: add a fuzzer for server_process_native_message (#1696224)
- tests: add a fuzzer for sd-ndisc (#1696224)
- ndisc: fix two infinite loops (#1696224)
- tests: add reproducers for several issues uncovered with fuzz-journald-syslog (#1696224)
- tests: add a reproducer for an infinite loop in ndisc_handle_datagram (#1696224)
- tests: add a reproducer for another infinite loop in ndisc_handle_datagram (#1696224)
- fuzz: rename 'fuzz-corpus' directory to just 'fuzz' (#1696224)
- test: add testcase for issue 10007 by oss-fuzz (#1696224)
- fuzz: unify the 'fuzz-regressions' directory with the main corpus (#1696224)
- test-bus-marshal: use cescaping instead of hexmem (#1696224)
- meson: add -Dlog-trace to set LOG_TRACE (#1696224)
- meson: allow building resolved and machined without nss modules (#1696224)
- meson: drop duplicated condition (#1696224)
- meson: use .source_root() in more places (#1696224)
- meson: treat all fuzz cases as unit tests (#1696224)
- fuzz-bus-message: add fuzzer for message parsing (#1696224)
- bus-message: use structured initialization to avoid use of unitialized memory (#1696224)
- bus-message: avoid an infinite loop on empty structures (#1696224)
- bus-message: lets always use -EBADMSG when the message is bad (#1696224)
- bus-message: rename function for clarity (#1696224)
- bus-message: use define (#1696224)
- bus: do not print (null) if the message has unknown type (#1696224)
- bus-message: fix calculation of offsets table (#1696224)
- bus-message: remove duplicate assignment (#1696224)
- bus-message: fix calculation of offsets table for arrays (#1696224)
- bus-message: drop asserts in functions which are wrappers for varargs version (#1696224)
- bus-message: output debug information about offset troubles (#1696224)
- bus-message: fix skipping of array fields in !gvariant messages (#1696224)
- bus-message: also properly copy struct signature when skipping (#1696224)
- fuzz-bus-message: add two test cases that pass now (#1696224)
- bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages (#1696224)
- bus-message: avoid wrap-around when using length read from message (#1696224)
- util: do not use stack frame for parsing arbitrary inputs (#1696224)
- travis: enable ASan and UBSan on RHEL8 (#1683319)
- tests: keep SYS_PTRACE when running under ASan (#1683319)
- tree-wide: various ubsan zero size memory fixes (#1683319)
- util: introduce memcmp_safe() (#1683319)
- test-socket-util: avoid 'memleak' reported by valgrind (#1683319)
- sd-journal: escape binary data in match_make_string() (#1683319)
- capability: introduce CAP_TO_MASK_CORRECTED() macro replacing CAP_TO_MASK() (#1683319)
- sd-bus: use size_t when dealing with memory offsets (#1683319)
- sd-bus: call cap_last_cap() only once in has_cap() (#1683319)
- mount-point: honour AT_SYMLINK_FOLLOW correctly (#1683319)
- travis: switch from trusty to xenial (#1683319)
- test-socket-util: Add tests for receive_fd_iov() and friends. (#1683319)
- socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov() (#1683319)
- core: swap order of 'n_storage_fds' and 'n_socket_fds' parameters (#1683334)
- execute: use our usual syntax for defining bit masks (#1683334)
- core: introduce new Type=exec service type (#1683334)
- man: document the new Type=exec type (#1683334)
- sd-bus: allow connecting to the pseudo-container '.host' (#1683334)
- sd-login: lets also make sd-login understand '.host' (#1683334)
- test: add test for Type=exec (#1683334)
- journal-gateway: explicitly declare local variables (#1705971)
- tools: drop unused variable (#1705971)
- journal-gateway: use localStorage['cursor'] only when it has valid value (#1705971)
[239-14]
- rules: implement new memory hotplug policy (#1670728)
- rules: add the rule that adds elevator= kernel command line parameter (#1670126)
- bus-socket: Fix line_begins() to accept word matching full string (#1692991)
- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1678641)
- Allocate temporary strings to hold dbus paths on the heap (#1678641)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1678641)
- Revert 'core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it (#1703485)
Related CVEs
| CVE-2019-15718 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 8 (aarch64) | systemd-239-18.0.1.el8.src.rpm | 8e3e7eb76900e86ba47441d5cda41bba | - |
| systemd-239-18.0.1.el8.aarch64.rpm | 6eabc797141b547132c65918636fd1b2 | - | |
| systemd-container-239-18.0.1.el8.aarch64.rpm | a3c0221c7d63023e89e5ce618deb8fcf | - | |
| systemd-devel-239-18.0.1.el8.aarch64.rpm | aa97178414ac6b3f1b5ca1e922ecdfae | - | |
| systemd-journal-remote-239-18.0.1.el8.aarch64.rpm | 04edccf3ed4e5e44a0188d283f0d6358 | - | |
| systemd-libs-239-18.0.1.el8.aarch64.rpm | b50a129686ea1ad9ee3942d259531e91 | - | |
| systemd-pam-239-18.0.1.el8.aarch64.rpm | 7b9152235d10492dbc665ed62a3a0963 | - | |
| systemd-tests-239-18.0.1.el8.aarch64.rpm | b7dc1110bea1860f14c6564a0ce58a52 | - | |
| systemd-udev-239-18.0.1.el8.aarch64.rpm | 8efc257e7966eab8f294e06baec32ab3 | - | |
| Oracle Linux 8 (x86_64) | systemd-239-18.0.1.el8.src.rpm | 8e3e7eb76900e86ba47441d5cda41bba | - |
| systemd-239-18.0.1.el8.i686.rpm | acbe49e5aa5a37e3b1be47b3ab34113a | - | |
| systemd-239-18.0.1.el8.x86_64.rpm | fe6abbf840e80d170c960e0f013bfc66 | - | |
| systemd-container-239-18.0.1.el8.i686.rpm | 01ff35eb54dc1da2a7314b5aeb3776d0 | - | |
| systemd-container-239-18.0.1.el8.x86_64.rpm | 216bddd57841ec40ed25cf46ce2ba3f0 | - | |
| systemd-devel-239-18.0.1.el8.i686.rpm | 2a7cae059da4d97dffc48086f6092ab9 | - | |
| systemd-devel-239-18.0.1.el8.x86_64.rpm | 0877589e542f95a0c9110e261cb4b904 | - | |
| systemd-journal-remote-239-18.0.1.el8.x86_64.rpm | d4f69bb92e534874f3057258330e92ec | - | |
| systemd-libs-239-18.0.1.el8.i686.rpm | 42a10c0124a9fe3b25855b4565629d94 | - | |
| systemd-libs-239-18.0.1.el8.x86_64.rpm | 1b5ac5fa8582accd2428057b359d7249 | - | |
| systemd-pam-239-18.0.1.el8.x86_64.rpm | 3f3da88ecc0caff108d81581e4eb1057 | - | |
| systemd-tests-239-18.0.1.el8.x86_64.rpm | 1aef6a26f6443ba6f336df2e6575d5fb | - | |
| systemd-udev-239-18.0.1.el8.x86_64.rpm | 50f22af6c3e53d24d43c3ea62849d0a0 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
