ELSA-2020-4553 - systemd security, bug fix, and enhancement update

Type: SECURITY
Impact: LOW
Release Date: 2020-11-10

Description


[239-40.0.1]
- backport upstream pstore tmpfiles patch [Orabug: 31420486]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- fix to generate systemd-pstore.service file [Orabug: 30230056]
- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]

[239-40]
- units: add generic boot-complete.target (#1872243)
- man: document new 'boot-complete.target' unit (#1872243)
- core: make sure to restore the control command id, too (#1829867)

[239-39]
- device: make sure we emit PropertiesChanged signal once we set sysfs (#1793533)
- device: don't emit PropertiesChanged needlessly (#1793533)

[239-38]
- spec: fix rpm verification (#1702300)

[239-37]
- spec: don't package /etc/systemd/system/dbus-org.freedesktop.resolve1.service (#1844465)

[239-36]
- core: don't consider SERVICE_SKIP_CONDITION for abnormal or failure restarts (#1737283)
- selinux: do preprocessor check only in selinux-access.c (#1830861)
- basic/cgroup-util: introduce cg_get_keyed_attribute_full() (#1830861)
- shared: add generic logic for waiting for a unit to enter some state (#1830861)
- shared: fix assert call (#1830861)
- shared: Don't try calling NULL callback in bus_wait_for_units_clear (#1830861)
- shared: add NULL callback check in one more place (#1830861)
- core: introduce support for cgroup freezer (#1830861)
- core/cgroup: fix return value of unit_cgorup_freezer_action() (#1830861)
- core: fix the return value in order to make sure we don't dispatch method return too early (#1830861)
- test: add test for cgroup v2 freezer support (#1830861)
- fix mis-merge (#1848421)
- tests: sleep a bit and give kernel time to perform the action after manual freeze/thaw (#1848421)

[239-35]
- spec: fix rpm verification (#1702300)

[239-34]
- spec: fix rpm verification (#1702300)

[239-33]
- tmpfiles: fix crash with NULL in arg_root and other fixes and tests (#1836024)
- sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set (#1625929)
- resolvconf: fixes for the compatibility interface (#1835594)
- mount: don't add Requires for tmp.mount (#1748840)
- core: coldplug possible nop_job (#1829798)
- core: add IODeviceLatencyTargetSec (#1831519)
- time-util: Introduce parse_sec_def_infinity (#1770379)
- cgroup: use structured initialization (#1770379)
- core: add CPUQuotaPeriodSec= (#1770379)
- core: downgrade CPUQuotaPeriodSec= clamping logs to debug (#1770379)
- sd-bus: avoid magic number in SASL length calculation (#1838081)
- sd-bus: fix SASL reply to empty AUTH (#1838081)
- sd-bus: skip sending formatted UIDs via SASL (#1838081)
- core: add MemoryMin (#1763435)
- core: introduce cgroup_add_device_allow() (#1763435)
- test: remove support for suffix in get_testdata_dir() (#1763435)
- cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow (#1763435)
- cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP (#1763435)
- unit: Add DefaultMemoryMin (#1763435)
- cgroup: Polish hierarchically aware protection docs a bit (#1763435)
- cgroup: Readd some plumbing for DefaultMemoryMin (#1763435)
- cgroup: Support 0-value for memory protection directives (#1763435)
- cgroup: Test that it's possible to set memory protection to 0 again (#1763435)
- cgroup: Check ancestor memory min for unified memory config (#1763435)
- cgroup: Respect DefaultMemoryMin when setting memory.min (#1763435)
- cgroup: Mark memory protections as explicitly set in transient units (#1763435)
- meson: allow setting the version string during configuration (#1804252)

[239-32]
- pid1: fix DefaultTasksMax initialization (#1809037)
- cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940)
- test: introduce TEST-36-NUMAPOLICY (#1808940)
- test: replace 'tail -f' with journal cursor which should be... (#1808940)
- test: support MPOL_LOCAL matching in unpatched strace versions (#1808940)
- test: make sure the strace process is indeed dead (#1808940)
- test: skip the test on systems without NUMA support (#1808940)
- test: give strace some time to initialize (#1808940)
- test: add a simple sanity check for systems without NUMA support (#1808940)
- test: drop the missed || exit 1 expression (#1808940)
- test: replace cursor file with a plain cursor (#1808940)
- cryptsetup: Treat key file errors as a failed password attempt (#1763155)
- swap: finish the secondary swap units' jobs if deactivation of the primary swap unit fails (#1749622)
- resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict (#1810869)
- bus_open leak sd_event_source when udevadm trigger (#1798504)
- core: rework StopWhenUnneeded= logic (#1798046)
- pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= (#1818054)
- core: fix re-realization of cgroup siblings (#1818054)
- basic: use comma as separator in cpuset cgroup cpu ranges (#1818054)
- core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766479)
- sd-journal: close journal files that were deleted by journald before we've set up inotify watch (#1796128)
- sd-journal: remove the dead code and actually fix #14695 (#1796128)
- udev: downgrade message when we fail to set inotify watch up (#1808051)
- logind: check PolicyKit before allowing VT switch (#1797679)
- test: do not use global variable to pass error (#1823767)
- test: install libraries required by tests (#1823767)
- test: introduce install_zoneinfo() (#1823767)
- test: replace duplicated Makefile by symbolic link (#1823767)
- test: add paths of keymaps in install_keymaps() (#1823767)
- test: make install_keymaps() optionally install more keymaps (#1823767)
- test-fs-util: skip some tests when running in unprivileged container (#1823767)
- test-process-util: skip several verifications when running in unprivileged container (#1823767)
- test-execute: also check python3 is installed or not (#1823767)
- test-execute: skip several tests when running in container (#1823767)
- test: introduce test_is_running_from_builddir() (#1823767)
- test: make test-catalog relocatable (#1823767)
- test: parallelize tasks in TEST-24-UNIT-TESTS (#1823767)
- test: try to determine QEMU_SMP dynamically (#1823767)
- test: store coredumps in journal (#1823767)
- pid1: add new kernel cmdline arg systemd.cpu_affinity= (#1812894)
- udev-rules: make tape-changers also appear in /dev/tape/by-path/ (#1820112)
- man: be clearer that .timer time expressions need to be reset to override them (#1816908)
- Add support for opening files for appending (#1809175)
- nspawn: move payload to sub-cgroup first, then sync cgroup trees (#1837094)
- core: move unit_status_emit_starting_stopping_reloading() and related calls to job.c (#1737283)
- job: when a job was skipped due to a failed condition, log about it (#1737283)
- core: split out all logic that updates a Job on a unit's unit_notify() invocation (#1737283)
- core: make log messages about units entering a 'failed' state recognizable (#1737283)
- core: log a recognizable message when a unit succeeds, too (#1737283)
- tests: always use the right vtable wrapper calls (#1737283)
- test-execute: allow filtering test cases by pattern (#1737283)
- test-execute: provide custom failure message (#1737283)
- core: ExecCondition= for services (#1737283)
- Drop support for lz4 < 1.3.0 (#1843871)
- test-compress: add test for short decompress_startswith calls (#1843871)
- journal: adapt for new improved LZ4_decompress_safe_partial() (#1843871)
- fuzz-compress: add fuzzer for compression and decompression (#1843871)
- seccomp: fix __NR__sysctl usage (#1843871)


Related CVEs


CVE-2019-20386

Updated Packages





This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
