ELSA-2019-3592
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-3592
ELSA-2019-3592 - systemd security, bug fix, and enhancement update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2019-11-14 |
Description
[239-18.0.1]
- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
[239-18]
- shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)
- sd-bus: adjust indentation of comments (#1746857)
- resolved: do not run loop twice (#1746857)
- resolved: allow access to Set*Link and Revert methods through polkit (#1746857)
- resolved: query polkit only after parsing the data (#1746857)
[239-17]
- mount: simplify /proc/self/mountinfo handler (#1696178)
- mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178)
- swap: scan /proc/swaps before processing waitid() results (#1696178)
- analyze-security: fix potential division by zero (#1734400)
[239-16]
- sd-bus: deal with cookie overruns (#1694999)
- journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849)
- journal: do not remove multiple spaces after identifier in syslog message (#1691817)
- cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153)
- cryptsetup: call crypt_load() for LUKS only once (#1719153)
- cryptsetup: Add LUKS2 token support. (#1719153)
- udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227)
- Change job mode of manager triggered restarts to JOB_REPLACE (#11456
- bash-completion: analyze: support 'security' (#1733395)
- man: note that journal does not validate syslog fields (#1707175)
- rules: skip memory hotplug on ppc64 (#1713159)
[239-15]
- tree-wide: shorten error logging a bit (#1697893)
- nspawn: simplify machine terminate bus call (#1697893)
- nspawn: merge two variable declaration lines (#1697893)
- nspawn: rework how we allocate/kill scopes (#1697893)
- unit: enqueue cgroup empty check event if the last ref on a unit is dropped (#1697893)
- Revert 'journal: remove journal audit socket' (#1699287)
- journal: dont enable systemd-journald-audit.socket by default (#1699287)
- logs-show: use grey color for de-emphasizing journal log output (#1695601)
- units: add [Install] section to tmp.mount (#1667065)
- nss: do not modify errno when NSS_STATUS_NOTFOUND or NSS_STATUS_SUCCESS (#1691691)
- util.h: add new UNPROTECT_ERRNO macro (#1691691)
- nss: unportect errno before writing to NSS *errnop (#1691691)
- seccomp: reduce logging about failure to add syscall to seccomp (#1658691)
- format-table: when duplicating a cell, also copy the color (#1689832)
- format-table: optionally make specific cells clickable links (#1689832)
- format-table: before outputting a color, check if colors are available (#1689832)
- format-table: add option to store/format percent and uint64_t values in cells (#1689832)
- format-table: optionally allow reversing the sort order for a column (#1689832)
- format-table: add table_update() to update existing entries (#1689832)
- format-table: add an API for getting the cell at a specific row/column (#1689832)
- format-table: always underline header line (#1689832)
- format-table: add calls to query the data in a specific cell (#1689832)
- format-table: make sure we never call memcmp() with NULL parameters (#1689832)
- format-table: use right field for display (#1689832)
- format-table: add option to uppercase cells on display (#1689832)
- format-table: never try to reuse cells that have color/url/uppercase set (#1689832)
- locale-util: add logic to output smiley emojis at various happiness levels (#1689832)
- analyze: add new security verb (#1689832)
- tests: add a rudimentary fuzzer for server_process_syslog_message (#9979) (#1696224)
- journald: make it clear that dev_kmsg_record modifies the string passed to it (#1696224)
- journald: free the allocated memory before returning from dev_kmsg_record (#1696224)
- tests: rework the code fuzzing journald (#1696224)
- journald: make server_process_native_message compatible with fuzz_journald_processing_function (#1696224)
- tests: add a fuzzer for server_process_native_message (#1696224)
- tests: add a fuzzer for sd-ndisc (#1696224)
- ndisc: fix two infinite loops (#1696224)
- tests: add reproducers for several issues uncovered with fuzz-journald-syslog (#1696224)
- tests: add a reproducer for an infinite loop in ndisc_handle_datagram (#1696224)
- tests: add a reproducer for another infinite loop in ndisc_handle_datagram (#1696224)
- fuzz: rename 'fuzz-corpus' directory to just 'fuzz' (#1696224)
- test: add testcase for issue 10007 by oss-fuzz (#1696224)
- fuzz: unify the 'fuzz-regressions' directory with the main corpus (#1696224)
- test-bus-marshal: use cescaping instead of hexmem (#1696224)
- meson: add -Dlog-trace to set LOG_TRACE (#1696224)
- meson: allow building resolved and machined without nss modules (#1696224)
- meson: drop duplicated condition (#1696224)
- meson: use .source_root() in more places (#1696224)
- meson: treat all fuzz cases as unit tests (#1696224)
- fuzz-bus-message: add fuzzer for message parsing (#1696224)
- bus-message: use structured initialization to avoid use of unitialized memory (#1696224)
- bus-message: avoid an infinite loop on empty structures (#1696224)
- bus-message: lets always use -EBADMSG when the message is bad (#1696224)
- bus-message: rename function for clarity (#1696224)
- bus-message: use define (#1696224)
- bus: do not print (null) if the message has unknown type (#1696224)
- bus-message: fix calculation of offsets table (#1696224)
- bus-message: remove duplicate assignment (#1696224)
- bus-message: fix calculation of offsets table for arrays (#1696224)
- bus-message: drop asserts in functions which are wrappers for varargs version (#1696224)
- bus-message: output debug information about offset troubles (#1696224)
- bus-message: fix skipping of array fields in !gvariant messages (#1696224)
- bus-message: also properly copy struct signature when skipping (#1696224)
- fuzz-bus-message: add two test cases that pass now (#1696224)
- bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages (#1696224)
- bus-message: avoid wrap-around when using length read from message (#1696224)
- util: do not use stack frame for parsing arbitrary inputs (#1696224)
- travis: enable ASan and UBSan on RHEL8 (#1683319)
- tests: keep SYS_PTRACE when running under ASan (#1683319)
- tree-wide: various ubsan zero size memory fixes (#1683319)
- util: introduce memcmp_safe() (#1683319)
- test-socket-util: avoid 'memleak' reported by valgrind (#1683319)
- sd-journal: escape binary data in match_make_string() (#1683319)
- capability: introduce CAP_TO_MASK_CORRECTED() macro replacing CAP_TO_MASK() (#1683319)
- sd-bus: use size_t when dealing with memory offsets (#1683319)
- sd-bus: call cap_last_cap() only once in has_cap() (#1683319)
- mount-point: honour AT_SYMLINK_FOLLOW correctly (#1683319)
- travis: switch from trusty to xenial (#1683319)
- test-socket-util: Add tests for receive_fd_iov() and friends. (#1683319)
- socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov() (#1683319)
- core: swap order of 'n_storage_fds' and 'n_socket_fds' parameters (#1683334)
- execute: use our usual syntax for defining bit masks (#1683334)
- core: introduce new Type=exec service type (#1683334)
- man: document the new Type=exec type (#1683334)
- sd-bus: allow connecting to the pseudo-container '.host' (#1683334)
- sd-login: lets also make sd-login understand '.host' (#1683334)
- test: add test for Type=exec (#1683334)
- journal-gateway: explicitly declare local variables (#1705971)
- tools: drop unused variable (#1705971)
- journal-gateway: use localStorage['cursor'] only when it has valid value (#1705971)
[239-14]
- rules: implement new memory hotplug policy (#1670728)
- rules: add the rule that adds elevator= kernel command line parameter (#1670126)
- bus-socket: Fix line_begins() to accept word matching full string (#1692991)
- Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1678641)
- Allocate temporary strings to hold dbus paths on the heap (#1678641)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1678641)
- Revert 'core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it (#1703485)
Related CVEs
| CVE-2019-15718 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | systemd-239-18.0.1.el8.src.rpm | 716da86870bd4f01061fb83a169f3a55a87cdce7dae2f97f23cbafe6ccae371d | - | ol8_aarch64_baseos_latest |
| systemd-239-18.0.1.el8.aarch64.rpm | 35202ab5b27f806f13b933b74c63fe818ea004ae94682a442c91254147a7fa64 | - | ol8_aarch64_baseos_latest | |
| systemd-container-239-18.0.1.el8.aarch64.rpm | e10fdbfe27e5229e4ba5220e1d08050196cd94c22b6ead40dae9535fab40f499 | - | ol8_aarch64_baseos_latest | |
| systemd-devel-239-18.0.1.el8.aarch64.rpm | b331c348f127407046136adde39e785c5f130f6ee9d0cb93018066e8790b478d | - | ol8_aarch64_baseos_latest | |
| systemd-journal-remote-239-18.0.1.el8.aarch64.rpm | b2086387d0f0f42bc70932d2f61963e037827adfaaada7b7d3d273a90f4371dc | - | ol8_aarch64_baseos_latest | |
| systemd-libs-239-18.0.1.el8.aarch64.rpm | 2ebe8ceb71a1c44e8bafb243ad8a43ed72e8d2f93e45b365ccb1b198f37daa01 | - | ol8_aarch64_baseos_latest | |
| systemd-pam-239-18.0.1.el8.aarch64.rpm | 856faad40af6ac191934cb910a78d4cff67a76e630cfb3738712195b35c8822e | - | ol8_aarch64_baseos_latest | |
| systemd-tests-239-18.0.1.el8.aarch64.rpm | 3a6a39eee9d4fbfbff3608fc4a55ddb986ac1779800e2908834eeceef09f7dc4 | - | ol8_aarch64_baseos_latest | |
| systemd-udev-239-18.0.1.el8.aarch64.rpm | c8cc9ff66c0f4fdfac5c4f4c8c793ab6e0a54e906561318d58c8eda685158179 | - | ol8_aarch64_baseos_latest | |
| Oracle Linux 8 (x86_64) | systemd-239-18.0.1.el8.src.rpm | 716da86870bd4f01061fb83a169f3a55a87cdce7dae2f97f23cbafe6ccae371d | - | ol8_x86_64_baseos_latest |
| systemd-239-18.0.1.el8.src.rpm | 716da86870bd4f01061fb83a169f3a55a87cdce7dae2f97f23cbafe6ccae371d | - | ol8_x86_64_u1_baseos_base | |
| systemd-239-18.0.1.el8.i686.rpm | 12b6278e3e851353516e5fb8c4e23f6df9913802e8ed7078270f2f3f0ad3ab45 | - | ol8_x86_64_baseos_latest | |
| systemd-239-18.0.1.el8.i686.rpm | 12b6278e3e851353516e5fb8c4e23f6df9913802e8ed7078270f2f3f0ad3ab45 | - | ol8_x86_64_u1_baseos_base | |
| systemd-239-18.0.1.el8.x86_64.rpm | e7d3564bdbc297b329101a1a22685af812fcf691ae2f31ae3de4bdcd1d9c2584 | - | ol8_x86_64_baseos_latest | |
| systemd-239-18.0.1.el8.x86_64.rpm | e7d3564bdbc297b329101a1a22685af812fcf691ae2f31ae3de4bdcd1d9c2584 | - | ol8_x86_64_u1_baseos_base | |
| systemd-container-239-18.0.1.el8.i686.rpm | 10df5e58a6ff44e2391b477a4c58dfea9bdd0b646ef3034738db5e8084fcd267 | - | ol8_x86_64_baseos_latest | |
| systemd-container-239-18.0.1.el8.i686.rpm | 10df5e58a6ff44e2391b477a4c58dfea9bdd0b646ef3034738db5e8084fcd267 | - | ol8_x86_64_u1_baseos_base | |
| systemd-container-239-18.0.1.el8.x86_64.rpm | 26528d2fece4fe45011aabfd93292d87212fd63a8a617b86d3b838d85571a3ec | - | ol8_x86_64_baseos_latest | |
| systemd-container-239-18.0.1.el8.x86_64.rpm | 26528d2fece4fe45011aabfd93292d87212fd63a8a617b86d3b838d85571a3ec | - | ol8_x86_64_u1_baseos_base | |
| systemd-devel-239-18.0.1.el8.i686.rpm | 87aab202dff46e0ad107c56cb9ebcfe975109b2db081e04c6abe33182b407137 | - | ol8_x86_64_baseos_latest | |
| systemd-devel-239-18.0.1.el8.i686.rpm | 87aab202dff46e0ad107c56cb9ebcfe975109b2db081e04c6abe33182b407137 | - | ol8_x86_64_u1_baseos_base | |
| systemd-devel-239-18.0.1.el8.x86_64.rpm | 62b7b1258a5780aa8b0169459ea88f1c132662bfc8e2ef0dfc318ee4fff404ce | - | ol8_x86_64_baseos_latest | |
| systemd-devel-239-18.0.1.el8.x86_64.rpm | 62b7b1258a5780aa8b0169459ea88f1c132662bfc8e2ef0dfc318ee4fff404ce | - | ol8_x86_64_u1_baseos_base | |
| systemd-journal-remote-239-18.0.1.el8.x86_64.rpm | f39e0d5db5117f9c71e2a547c6f4a633aa4ba00df454e72debd451c7091ab8bc | - | ol8_x86_64_baseos_latest | |
| systemd-journal-remote-239-18.0.1.el8.x86_64.rpm | f39e0d5db5117f9c71e2a547c6f4a633aa4ba00df454e72debd451c7091ab8bc | - | ol8_x86_64_u1_baseos_base | |
| systemd-libs-239-18.0.1.el8.i686.rpm | f76291b56a7a83ad7242fa71895ef68cf7bf003d924b69e6e0558fc8c858662f | - | ol8_x86_64_baseos_latest | |
| systemd-libs-239-18.0.1.el8.i686.rpm | f76291b56a7a83ad7242fa71895ef68cf7bf003d924b69e6e0558fc8c858662f | - | ol8_x86_64_u1_baseos_base | |
| systemd-libs-239-18.0.1.el8.x86_64.rpm | 77085928de8ac864af67432e54e0012915dd8a6579768daf36a43a667506b4fe | - | ol8_x86_64_baseos_latest | |
| systemd-libs-239-18.0.1.el8.x86_64.rpm | 77085928de8ac864af67432e54e0012915dd8a6579768daf36a43a667506b4fe | - | ol8_x86_64_u1_baseos_base | |
| systemd-pam-239-18.0.1.el8.x86_64.rpm | 7e854c5949859de7ee3fc526f729143e5e4e771aee384872e8268ed85faa354b | - | ol8_x86_64_baseos_latest | |
| systemd-pam-239-18.0.1.el8.x86_64.rpm | 7e854c5949859de7ee3fc526f729143e5e4e771aee384872e8268ed85faa354b | - | ol8_x86_64_u1_baseos_base | |
| systemd-tests-239-18.0.1.el8.x86_64.rpm | f272639eb6a17b20a60e45f9b0c066a8d7263348e9aa3434593dccab42965562 | - | ol8_x86_64_baseos_latest | |
| systemd-tests-239-18.0.1.el8.x86_64.rpm | f272639eb6a17b20a60e45f9b0c066a8d7263348e9aa3434593dccab42965562 | - | ol8_x86_64_u1_baseos_base | |
| systemd-udev-239-18.0.1.el8.x86_64.rpm | dfeac717c47a394e20fc6632bb98b6a2c9ed148a496f792804a7fd538409b1c1 | - | ol8_x86_64_baseos_latest | |
| systemd-udev-239-18.0.1.el8.x86_64.rpm | dfeac717c47a394e20fc6632bb98b6a2c9ed148a496f792804a7fd538409b1c1 | - | ol8_x86_64_u1_baseos_base | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
