Security update for systemd (important)

An update that solves one vulnerability and has 7 fixes is
now available.

Description:

This update for systemd fixes the following issues:

• CVE-2019-6454: Overlong DBUS messages could be used to crash systemd
  (bsc#1125352)

• units: make sure initrd-cleanup.service terminates before switching to
  rootfs (bsc#1123333)

• logind: fix bad error propagation

• login: log session state “closing” (as well as New/Removed)

• logind: fix borked r check

• login: don’t remove all devices from PID1 when only one was removed

• login: we only allow opening character devices

• login: correct comment in session_device_free()

• login: remember that fds received from PID1 need to be removed eventually

• login: fix FDNAME in call to sd_pid_notify_with_fds()

• logind: fd 0 is a valid fd

• logind: rework sd_eviocrevoke()

• logind: check file is device node before using .st_rdev

• logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)

• core: add a new sd_notify() message for removing fds from the FD store
  again

• logind: make sure we don’t trip up on half-initialized session devices
  (bsc#1123727)

• fd-util: accept that kcmp might fail with EPERM/EACCES

• core: Fix use after free case in load_from_path() (bsc#1121563)

• core: include Found state in device dumps

• device: fix serialization and deserialization of DeviceFound

• fix path in btrfs rule (#6844)

• assemble multidevice btrfs volumes without external tools (#6607)
  (bsc#1117025)

• Update systemd-system.conf.xml (bsc#1122000)

• units: inform user that the default target is started after exiting from
  rescue or emergency mode

• core: free lines after reading them (bsc#1123892)

• sd-bus: if we receive an invalid dbus message, ignore and proceeed

• automount: don’t pass non-blocking pipe to kernel.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-255=1