CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.9 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.0004 Low
Percentile: 8.1%

An update that solves one vulnerability and has 7 fixes is now available.
Description:
This update for systemd fixes the following issues:
- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state “closing” (as well as New/Removed)
- logind: fix borked r check
- login: don’t remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don’t trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceed
- automount: don’t pass non-blocking pipe to kernel.
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-255=1
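
After patching, the installed package's changelog can be checked for the references this advisory lists. The script below is an added example, not part of the original advisory; it assumes the systemd package changelog cites the same CVE and bsc numbers, and the function names and sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the installed systemd carries this advisory's fixes.
# References copied from the advisory text.
ADVISORY_REFS="CVE-2019-6454 bsc#1125352 bsc#1123333 bsc#1124153 bsc#1123727
bsc#1121563 bsc#1117025 bsc#1122000 bsc#1123892"

# Read an RPM changelog on stdin; print every advisory reference that is
# absent from it, one per line. Prints nothing when all are present.
missing_refs() {
    changelog=$(cat)
    for ref in $ADVISORY_REFS; do
        # -F: literal match; -w: whole token, so a longer bug number that
        # merely starts with the same digits does not count as a match.
        printf '%s\n' "$changelog" | grep -qwF -- "$ref" || printf '%s\n' "$ref"
    done
}

# Constructed sample (not real package output): a changelog excerpt that
# contains only two of the advisory's entries.
sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2019 packager@example.com
- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)
- core: free lines after reading them (bsc#1123892)
EOF
}

# Query the installed package. Assumption: the package changelog cites the
# same CVE and bsc numbers as the advisory.
check_installed() {
    pkg=${1:-systemd}
    log=$(rpm -q --changelog "$pkg") || { echo "cannot query $pkg" >&2; return 2; }
    missing=$(printf '%s\n' "$log" | missing_refs)
    if [ -z "$missing" ]; then
        echo "$pkg: all advisory references found in changelog"
        return 0
    fi
    echo "$pkg: changelog lacks: $(echo $missing)" >&2
    return 1
}

# Touch the live system only when asked, e.g.: sh check.sh --installed
if [ "${1:-}" = "--installed" ]; then
    check_installed systemd
    exit $?
fi
```

A non-zero exit from `--installed` means at least one listed reference is absent from the changelog, which is a prompt to confirm the patch actually applied.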
OS | Version | Architecture | Package group |
---|---|---|---|
openSUSE Leap | 15.0 | i586 | openSUSE Leap 15.0 (i586 x86_64) |
openSUSE Leap | 15.0 | x86_64 | openSUSE Leap 15.0 (i586 x86_64) |
openSUSE Leap | 15.0 | noarch | openSUSE Leap 15.0 (noarch) |
openSUSE Leap | 15.0 | x86_64 | openSUSE Leap 15.0 (x86_64) |