Security update for systemd

Announcement ID:	SUSE-SU-2021:3611-1
Rating:	moderate
References:	bsc#1171962 bsc#1180225 bsc#1188018 bsc#1188063 bsc#1188291 bsc#1189480 bsc#1191399 jsc#SLE-21894
Cross-References:	CVE-2021-33910
CVSS scores:	CVE-2021-33910 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33910 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability, contains one feature and has six security fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
• Add timestamp to D-Bus events to improve traceability. (jsc#SLE-21894)
• busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225, jsc#SLE-21894)
• sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (bsc#1191399)
• basic/unit-name: do not use strdupa() on a path (bsc#1188063, CVE-2021-33910)
• logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
• units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
• Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
• Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291)
• Allow systemd sysusers config files to be overriden during system installation (bsc#1171962)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3611=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3611=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3611=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3611=1

Package List:

• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • libudev-devel-228-157.33.1
  • systemd-debugsource-228-157.33.1
  • systemd-debuginfo-228-157.33.1
  • systemd-devel-228-157.33.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • systemd-debuginfo-228-157.33.1
  • systemd-devel-228-157.33.1
  • libudev1-debuginfo-228-157.33.1
  • udev-228-157.33.1
  • systemd-228-157.33.1
  • libsystemd0-228-157.33.1
  • systemd-debugsource-228-157.33.1
  • systemd-sysvinit-228-157.33.1
  • udev-debuginfo-228-157.33.1
  • libudev-devel-228-157.33.1
  • libudev1-228-157.33.1
  • libsystemd0-debuginfo-228-157.33.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • systemd-bash-completion-228-157.33.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • libsystemd0-debuginfo-32bit-228-157.33.1
  • libsystemd0-32bit-228-157.33.1
  • systemd-debuginfo-32bit-228-157.33.1
  • systemd-32bit-228-157.33.1
  • libudev1-32bit-228-157.33.1
  • libudev1-debuginfo-32bit-228-157.33.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • systemd-debuginfo-228-157.33.1
  • systemd-devel-228-157.33.1
  • libudev1-debuginfo-228-157.33.1
  • udev-228-157.33.1
  • systemd-228-157.33.1
  • libsystemd0-228-157.33.1
  • systemd-debugsource-228-157.33.1
  • systemd-sysvinit-228-157.33.1
  • udev-debuginfo-228-157.33.1
  • libudev-devel-228-157.33.1
  • libudev1-228-157.33.1
  • libsystemd0-debuginfo-228-157.33.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • systemd-bash-completion-228-157.33.1
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • libsystemd0-debuginfo-32bit-228-157.33.1
  • libsystemd0-32bit-228-157.33.1
  • systemd-debuginfo-32bit-228-157.33.1
  • systemd-32bit-228-157.33.1
  • libudev1-32bit-228-157.33.1
  • libudev1-debuginfo-32bit-228-157.33.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • systemd-debuginfo-228-157.33.1
  • systemd-devel-228-157.33.1
  • libudev1-debuginfo-228-157.33.1
  • udev-228-157.33.1
  • systemd-228-157.33.1
  • libsystemd0-228-157.33.1
  • systemd-debugsource-228-157.33.1
  • systemd-sysvinit-228-157.33.1
  • udev-debuginfo-228-157.33.1
  • libudev-devel-228-157.33.1
  • libudev1-228-157.33.1
  • libsystemd0-debuginfo-228-157.33.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • systemd-bash-completion-228-157.33.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • libsystemd0-debuginfo-32bit-228-157.33.1
  • libsystemd0-32bit-228-157.33.1
  • systemd-debuginfo-32bit-228-157.33.1
  • systemd-32bit-228-157.33.1
  • libudev1-32bit-228-157.33.1
  • libudev1-debuginfo-32bit-228-157.33.1

References:

• https://www.suse.com/security/cve/CVE-2021-33910.html
• https://bugzilla.suse.com/show_bug.cgi?id=1171962
• https://bugzilla.suse.com/show_bug.cgi?id=1180225
• https://bugzilla.suse.com/show_bug.cgi?id=1188018
• https://bugzilla.suse.com/show_bug.cgi?id=1188063
• https://bugzilla.suse.com/show_bug.cgi?id=1188291
• https://bugzilla.suse.com/show_bug.cgi?id=1189480
• https://bugzilla.suse.com/show_bug.cgi?id=1191399
• https://jira.suse.com/browse/SLE-21894