ELSA-2024-3203

ULN >
Oracle Linux Errata repository >
ELSA-2024-3203

ELSA-2024-3203 - systemd security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-05-23

Description

[239-82.0.1]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 1800-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch (#2175624)
- 1801-pager-make-pager-secure-when-under-euid-is-changed-o.patch (#2175624)
- 1802-pstore-fix-crash-and-forward-dummy-arguments-instead.patch (#2190151)
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)

[239-82]
- ci: add configuration for regression sniffer GA (RHEL-1087)
- coredump: actually store parsed unit in the context (RHEL-18302)
- resolved: limit the number of signature validations in a transaction (RHEL-26644)
- resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26644)

[239-81]
- man: update link to RHEL documentation (RHEL-26355)

[239-80]
- fd-util: rework how we determine highest possible fd (RHEL-18302)
- basic/fd-util: refuse 'infinite' loop in close_all_fds() (RHEL-18302)
- fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc() (RHEL-18302)
- exec-util: use close_all_fds_without_malloc() from freeze() (RHEL-18302)
- ci: use source-git-automation composite Action (RHEL-1087)
- ci: increase the cron interval to 45 minutes (RHEL-1087)
- ci: add all Z-Stream versions to array of allowed versions (RHEL-1087)
- tree-wide: always declare bitflag enums the same way (RHEL-2857)
- login: Add KEY_RESTART handling (RHEL-2857)
- analyze security: fix recursive call of syscall_names_in_filter() (RHEL-5991)
- analyze-security: do not assign badness to filtered-out syscalls (RHEL-5991)
- analyze-security: include an actual syscall name in the message (RHEL-5991)
- udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22426)
- doc: add missing to systemd.net-naming-scheme.xml (RHEL-22426)
- service: schedule cleanup of PID hashmaps when we now longer have main_pid and we are in container (RHEL-5863)

[239-79]
- ci: Extend source-git-automation (RHEL-1087)
- ci: add missing configuration for commit linter (RHEL-1087)
- ci: add Red Hat Enterprise Linux 8 to the list of supported products (RHEL-1087)
- ci: enable source-git automation to validate reviews and ci results (RHEL-1087)
- ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1087)
- ci: enable auto-merge GH Action (RHEL-1087)
- fstab-generator: allow overriding /etc/fstab with (RHEL-1087)
- fstab-generator: allow overriding path to /sysroot/etc/fstab too (RHEL-1087)
- test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-1087)
- resolved: actually check authenticated flag of SOA transaction (RHEL-6213)

Related CVEs

CVE-2023-7008

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	systemd-239-82.0.1.el8.src.rpm	43b02c4845d1fe50a83242cf79c8b279	-	ol8_aarch64_baseos_latest
	systemd-239-82.0.1.el8.src.rpm	43b02c4845d1fe50a83242cf79c8b279	-	ol8_aarch64_u10_baseos_base
	systemd-239-82.0.1.el8.aarch64.rpm	2acb5dce026cd8e65367cbd69d59b162	-	ol8_aarch64_baseos_latest
	systemd-239-82.0.1.el8.aarch64.rpm	2acb5dce026cd8e65367cbd69d59b162	-	ol8_aarch64_u10_baseos_base
	systemd-container-239-82.0.1.el8.aarch64.rpm	575effff0af32b7c04c745304b7614d4	-	ol8_aarch64_baseos_latest
	systemd-container-239-82.0.1.el8.aarch64.rpm	575effff0af32b7c04c745304b7614d4	-	ol8_aarch64_u10_baseos_base
	systemd-devel-239-82.0.1.el8.aarch64.rpm	b07120b6ef1074ab55f2abe441ea0530	-	ol8_aarch64_baseos_latest
	systemd-devel-239-82.0.1.el8.aarch64.rpm	b07120b6ef1074ab55f2abe441ea0530	-	ol8_aarch64_u10_baseos_base
	systemd-journal-remote-239-82.0.1.el8.aarch64.rpm	2c8084e0866689513cc220f7b651c858	-	ol8_aarch64_baseos_latest
	systemd-journal-remote-239-82.0.1.el8.aarch64.rpm	2c8084e0866689513cc220f7b651c858	-	ol8_aarch64_u10_baseos_base
	systemd-libs-239-82.0.1.el8.aarch64.rpm	a69208b70c0d8365b907f355c49596e0	-	ol8_aarch64_baseos_latest
	systemd-libs-239-82.0.1.el8.aarch64.rpm	a69208b70c0d8365b907f355c49596e0	-	ol8_aarch64_u10_baseos_base
	systemd-pam-239-82.0.1.el8.aarch64.rpm	0424097a186556577f4a8643c5ba4bbf	-	ol8_aarch64_baseos_latest
	systemd-pam-239-82.0.1.el8.aarch64.rpm	0424097a186556577f4a8643c5ba4bbf	-	ol8_aarch64_u10_baseos_base
	systemd-tests-239-82.0.1.el8.aarch64.rpm	259adbf10c07eedf58c16a351670a302	-	ol8_aarch64_baseos_latest
	systemd-tests-239-82.0.1.el8.aarch64.rpm	259adbf10c07eedf58c16a351670a302	-	ol8_aarch64_u10_baseos_base
	systemd-udev-239-82.0.1.el8.aarch64.rpm	1a18d92f0358bf89efdff170bbe2bd6b	-	ol8_aarch64_baseos_latest
	systemd-udev-239-82.0.1.el8.aarch64.rpm	1a18d92f0358bf89efdff170bbe2bd6b	-	ol8_aarch64_u10_baseos_base

Oracle Linux 8 (x86_64)	systemd-239-82.0.1.el8.src.rpm	43b02c4845d1fe50a83242cf79c8b279	-	ol8_x86_64_baseos_latest
	systemd-239-82.0.1.el8.src.rpm	43b02c4845d1fe50a83242cf79c8b279	-	ol8_x86_64_u10_baseos_base
	systemd-239-82.0.1.el8.i686.rpm	dd8e6e51ae45bf66a197c54b5c032d1b	-	ol8_x86_64_baseos_latest
	systemd-239-82.0.1.el8.i686.rpm	dd8e6e51ae45bf66a197c54b5c032d1b	-	ol8_x86_64_u10_baseos_base
	systemd-239-82.0.1.el8.x86_64.rpm	f7cd4e0b14699af9f5cf68a3f34c741d	-	ol8_x86_64_baseos_latest
	systemd-239-82.0.1.el8.x86_64.rpm	f7cd4e0b14699af9f5cf68a3f34c741d	-	ol8_x86_64_u10_baseos_base
	systemd-container-239-82.0.1.el8.i686.rpm	a6f02b579f4a0ab855fb2bd65ab15d0e	-	ol8_x86_64_baseos_latest
	systemd-container-239-82.0.1.el8.i686.rpm	a6f02b579f4a0ab855fb2bd65ab15d0e	-	ol8_x86_64_u10_baseos_base
	systemd-container-239-82.0.1.el8.x86_64.rpm	d738381548ce5fe84d5357cc941b73e2	-	ol8_x86_64_baseos_latest
	systemd-container-239-82.0.1.el8.x86_64.rpm	d738381548ce5fe84d5357cc941b73e2	-	ol8_x86_64_u10_baseos_base
	systemd-devel-239-82.0.1.el8.i686.rpm	76b41a577e1a09feb59088e156be5e70	-	ol8_x86_64_baseos_latest
	systemd-devel-239-82.0.1.el8.i686.rpm	76b41a577e1a09feb59088e156be5e70	-	ol8_x86_64_u10_baseos_base
	systemd-devel-239-82.0.1.el8.x86_64.rpm	e545cf36090c6c70a67ab303205d4079	-	ol8_x86_64_baseos_latest
	systemd-devel-239-82.0.1.el8.x86_64.rpm	e545cf36090c6c70a67ab303205d4079	-	ol8_x86_64_u10_baseos_base
	systemd-journal-remote-239-82.0.1.el8.x86_64.rpm	5984dba6be48ff852a45a1233b955fa7	-	ol8_x86_64_baseos_latest
	systemd-journal-remote-239-82.0.1.el8.x86_64.rpm	5984dba6be48ff852a45a1233b955fa7	-	ol8_x86_64_u10_baseos_base
	systemd-libs-239-82.0.1.el8.i686.rpm	9a9595b8c96e21632b2b3b91da7e0d7d	-	ol8_x86_64_baseos_latest
	systemd-libs-239-82.0.1.el8.i686.rpm	9a9595b8c96e21632b2b3b91da7e0d7d	-	ol8_x86_64_u10_baseos_base
	systemd-libs-239-82.0.1.el8.x86_64.rpm	ffb088cbe937bb90bb41dca0e0d4aaf2	-	ol8_x86_64_baseos_latest
	systemd-libs-239-82.0.1.el8.x86_64.rpm	ffb088cbe937bb90bb41dca0e0d4aaf2	-	ol8_x86_64_u10_baseos_base
	systemd-pam-239-82.0.1.el8.x86_64.rpm	81c436ca6059fe6f3288ea07611ea0f2	-	ol8_x86_64_baseos_latest
	systemd-pam-239-82.0.1.el8.x86_64.rpm	81c436ca6059fe6f3288ea07611ea0f2	-	ol8_x86_64_u10_baseos_base
	systemd-tests-239-82.0.1.el8.x86_64.rpm	6ea34c596ad2d3ed506a37bdece0b99d	-	ol8_x86_64_baseos_latest
	systemd-tests-239-82.0.1.el8.x86_64.rpm	6ea34c596ad2d3ed506a37bdece0b99d	-	ol8_x86_64_u10_baseos_base
	systemd-udev-239-82.0.1.el8.x86_64.rpm	645ecdcb6aef10c90f640b5579843dce	-	ol8_x86_64_baseos_latest
	systemd-udev-239-82.0.1.el8.x86_64.rpm	645ecdcb6aef10c90f640b5579843dce	-	ol8_x86_64_u10_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691