ELSA-2024-3203

ELSA-2024-3203 - systemd security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-05-23

Description


[239-82.0.1]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 1800-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch (#2175624)
- 1801-pager-make-pager-secure-when-under-euid-is-changed-o.patch (#2175624)
- 1802-pstore-fix-crash-and-forward-dummy-arguments-instead.patch (#2190151)
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)

[239-82]
- ci: add configuration for regression sniffer GA (RHEL-1087)
- coredump: actually store parsed unit in the context (RHEL-18302)
- resolved: limit the number of signature validations in a transaction (RHEL-26644)
- resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26644)

[239-81]
- man: update link to RHEL documentation (RHEL-26355)

[239-80]
- fd-util: rework how we determine highest possible fd (RHEL-18302)
- basic/fd-util: refuse 'infinite' loop in close_all_fds() (RHEL-18302)
- fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc() (RHEL-18302)
- exec-util: use close_all_fds_without_malloc() from freeze() (RHEL-18302)
- ci: use source-git-automation composite Action (RHEL-1087)
- ci: increase the cron interval to 45 minutes (RHEL-1087)
- ci: add all Z-Stream versions to array of allowed versions (RHEL-1087)
- tree-wide: always declare bitflag enums the same way (RHEL-2857)
- login: Add KEY_RESTART handling (RHEL-2857)
- analyze security: fix recursive call of syscall_names_in_filter() (RHEL-5991)
- analyze-security: do not assign badness to filtered-out syscalls (RHEL-5991)
- analyze-security: include an actual syscall name in the message (RHEL-5991)
- udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22426)
- doc: add missing to systemd.net-naming-scheme.xml (RHEL-22426)
- service: schedule cleanup of PID hashmaps when we now longer have main_pid and we are in container (RHEL-5863)

[239-79]
- ci: Extend source-git-automation (RHEL-1087)
- ci: add missing configuration for commit linter (RHEL-1087)
- ci: add Red Hat Enterprise Linux 8 to the list of supported products (RHEL-1087)
- ci: enable source-git automation to validate reviews and ci results (RHEL-1087)
- ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1087)
- ci: enable auto-merge GH Action (RHEL-1087)
- fstab-generator: allow overriding /etc/fstab with (RHEL-1087)
- fstab-generator: allow overriding path to /sysroot/etc/fstab too (RHEL-1087)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-1087)
- resolved: actually check authenticated flag of SOA transaction (RHEL-6213)


Related CVEs


CVE-2023-7008

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) systemd-239-82.0.1.el8.src.rpm43b02c4845d1fe50a83242cf79c8b279-ol8_aarch64_baseos_latest
systemd-239-82.0.1.el8.src.rpm43b02c4845d1fe50a83242cf79c8b279-ol8_aarch64_u10_baseos_base
systemd-239-82.0.1.el8.aarch64.rpm2acb5dce026cd8e65367cbd69d59b162-ol8_aarch64_baseos_latest
systemd-239-82.0.1.el8.aarch64.rpm2acb5dce026cd8e65367cbd69d59b162-ol8_aarch64_u10_baseos_base
systemd-container-239-82.0.1.el8.aarch64.rpm575effff0af32b7c04c745304b7614d4-ol8_aarch64_baseos_latest
systemd-container-239-82.0.1.el8.aarch64.rpm575effff0af32b7c04c745304b7614d4-ol8_aarch64_u10_baseos_base
systemd-devel-239-82.0.1.el8.aarch64.rpmb07120b6ef1074ab55f2abe441ea0530-ol8_aarch64_baseos_latest
systemd-devel-239-82.0.1.el8.aarch64.rpmb07120b6ef1074ab55f2abe441ea0530-ol8_aarch64_u10_baseos_base
systemd-journal-remote-239-82.0.1.el8.aarch64.rpm2c8084e0866689513cc220f7b651c858-ol8_aarch64_baseos_latest
systemd-journal-remote-239-82.0.1.el8.aarch64.rpm2c8084e0866689513cc220f7b651c858-ol8_aarch64_u10_baseos_base
systemd-libs-239-82.0.1.el8.aarch64.rpma69208b70c0d8365b907f355c49596e0-ol8_aarch64_baseos_latest
systemd-libs-239-82.0.1.el8.aarch64.rpma69208b70c0d8365b907f355c49596e0-ol8_aarch64_u10_baseos_base
systemd-pam-239-82.0.1.el8.aarch64.rpm0424097a186556577f4a8643c5ba4bbf-ol8_aarch64_baseos_latest
systemd-pam-239-82.0.1.el8.aarch64.rpm0424097a186556577f4a8643c5ba4bbf-ol8_aarch64_u10_baseos_base
systemd-tests-239-82.0.1.el8.aarch64.rpm259adbf10c07eedf58c16a351670a302-ol8_aarch64_baseos_latest
systemd-tests-239-82.0.1.el8.aarch64.rpm259adbf10c07eedf58c16a351670a302-ol8_aarch64_u10_baseos_base
systemd-udev-239-82.0.1.el8.aarch64.rpm1a18d92f0358bf89efdff170bbe2bd6b-ol8_aarch64_baseos_latest
systemd-udev-239-82.0.1.el8.aarch64.rpm1a18d92f0358bf89efdff170bbe2bd6b-ol8_aarch64_u10_baseos_base
Oracle Linux 8 (x86_64) systemd-239-82.0.1.el8.src.rpm43b02c4845d1fe50a83242cf79c8b279-ol8_x86_64_baseos_latest
systemd-239-82.0.1.el8.src.rpm43b02c4845d1fe50a83242cf79c8b279-ol8_x86_64_u10_baseos_base
systemd-239-82.0.1.el8.i686.rpmdd8e6e51ae45bf66a197c54b5c032d1b-ol8_x86_64_baseos_latest
systemd-239-82.0.1.el8.i686.rpmdd8e6e51ae45bf66a197c54b5c032d1b-ol8_x86_64_u10_baseos_base
systemd-239-82.0.1.el8.x86_64.rpmf7cd4e0b14699af9f5cf68a3f34c741d-ol8_x86_64_baseos_latest
systemd-239-82.0.1.el8.x86_64.rpmf7cd4e0b14699af9f5cf68a3f34c741d-ol8_x86_64_u10_baseos_base
systemd-container-239-82.0.1.el8.i686.rpma6f02b579f4a0ab855fb2bd65ab15d0e-ol8_x86_64_baseos_latest
systemd-container-239-82.0.1.el8.i686.rpma6f02b579f4a0ab855fb2bd65ab15d0e-ol8_x86_64_u10_baseos_base
systemd-container-239-82.0.1.el8.x86_64.rpmd738381548ce5fe84d5357cc941b73e2-ol8_x86_64_baseos_latest
systemd-container-239-82.0.1.el8.x86_64.rpmd738381548ce5fe84d5357cc941b73e2-ol8_x86_64_u10_baseos_base
systemd-devel-239-82.0.1.el8.i686.rpm76b41a577e1a09feb59088e156be5e70-ol8_x86_64_baseos_latest
systemd-devel-239-82.0.1.el8.i686.rpm76b41a577e1a09feb59088e156be5e70-ol8_x86_64_u10_baseos_base
systemd-devel-239-82.0.1.el8.x86_64.rpme545cf36090c6c70a67ab303205d4079-ol8_x86_64_baseos_latest
systemd-devel-239-82.0.1.el8.x86_64.rpme545cf36090c6c70a67ab303205d4079-ol8_x86_64_u10_baseos_base
systemd-journal-remote-239-82.0.1.el8.x86_64.rpm5984dba6be48ff852a45a1233b955fa7-ol8_x86_64_baseos_latest
systemd-journal-remote-239-82.0.1.el8.x86_64.rpm5984dba6be48ff852a45a1233b955fa7-ol8_x86_64_u10_baseos_base
systemd-libs-239-82.0.1.el8.i686.rpm9a9595b8c96e21632b2b3b91da7e0d7d-ol8_x86_64_baseos_latest
systemd-libs-239-82.0.1.el8.i686.rpm9a9595b8c96e21632b2b3b91da7e0d7d-ol8_x86_64_u10_baseos_base
systemd-libs-239-82.0.1.el8.x86_64.rpmffb088cbe937bb90bb41dca0e0d4aaf2-ol8_x86_64_baseos_latest
systemd-libs-239-82.0.1.el8.x86_64.rpmffb088cbe937bb90bb41dca0e0d4aaf2-ol8_x86_64_u10_baseos_base
systemd-pam-239-82.0.1.el8.x86_64.rpm81c436ca6059fe6f3288ea07611ea0f2-ol8_x86_64_baseos_latest
systemd-pam-239-82.0.1.el8.x86_64.rpm81c436ca6059fe6f3288ea07611ea0f2-ol8_x86_64_u10_baseos_base
systemd-tests-239-82.0.1.el8.x86_64.rpm6ea34c596ad2d3ed506a37bdece0b99d-ol8_x86_64_baseos_latest
systemd-tests-239-82.0.1.el8.x86_64.rpm6ea34c596ad2d3ed506a37bdece0b99d-ol8_x86_64_u10_baseos_base
systemd-udev-239-82.0.1.el8.x86_64.rpm645ecdcb6aef10c90f640b5579843dce-ol8_x86_64_baseos_latest
systemd-udev-239-82.0.1.el8.x86_64.rpm645ecdcb6aef10c90f640b5579843dce-ol8_x86_64_u10_baseos_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete