Security update for systemd, dracut

Announcement ID: SUSE-SU-2017:1898-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-9445 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-9445 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-9445 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • Magnum Orchestration 7
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2

An update that solves one vulnerability and has eight security fixes can now be installed.

Description:

This update for systemd and dracut fixes the following issues:

Security issues fixed:

  • CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. (bsc#1045290)

Non-security issues fixed in systemd:

  • Automounter issue in combination with NFS volumes (bsc#1040968)
  • Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
  • Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750)

Non-security issues fixed in dracut:

  • Bail out if module directory does not exist. (bsc#1043900)
  • Suppress bogus error message. (bsc#1032029)
  • Fix module force loading with systemd. (bsc#986216)
  • Ship udev files required by systemd. (bsc#1040153)
  • Ignore module resolution errors (e.g. with kgraft). (bsc#1037120)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Magnum Orchestration 7
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1174=1
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-BSK-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Desktop 12 SP2
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1174=1
  • SUSE Linux Enterprise High Performance Computing 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1174=1

Package List:

  • Magnum Orchestration 7 (x86_64)
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • udev-228-150.7.1
    • systemd-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 (ppc64le s390x x86_64)
    • udev-mini-228-150.7.1
    • systemd-mini-debugsource-228-150.7.1
    • udev-mini-debuginfo-228-150.7.1
    • libudev-mini-devel-228-150.7.1
    • libudev-mini1-debuginfo-228-150.7.1
    • libudev-mini1-228-150.7.1
    • systemd-mini-debuginfo-228-150.7.1
    • systemd-mini-228-150.7.1
    • systemd-mini-devel-228-150.7.1
  • SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
    • libsystemd0-debuginfo-228-150.7.1
    • libudev1-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • systemd-debuginfo-32bit-228-150.7.1
    • udev-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
    • systemd-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Desktop 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • udev-228-150.7.1
    • systemd-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
    • systemd-devel-228-150.7.1
    • libudev-devel-228-150.7.1
    • systemd-debugsource-228-150.7.1
    • systemd-debuginfo-228-150.7.1
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • udev-228-150.7.1
    • systemd-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (x86_64)
    • libudev1-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
  • SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • udev-228-150.7.1
    • systemd-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server 12 SP2 (s390x x86_64)
    • libudev1-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
    • libsystemd0-debuginfo-228-150.7.1
    • systemd-debuginfo-228-150.7.1
    • systemd-sysvinit-228-150.7.1
    • libudev1-debuginfo-228-150.7.1
    • libudev1-228-150.7.1
    • libsystemd0-228-150.7.1
    • dracut-044.1-109.8.3
    • udev-228-150.7.1
    • systemd-228-150.7.1
    • dracut-fips-044.1-109.8.3
    • systemd-debugsource-228-150.7.1
    • dracut-debugsource-044.1-109.8.3
    • udev-debuginfo-228-150.7.1
    • dracut-debuginfo-044.1-109.8.3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
    • systemd-bash-completion-228-150.7.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (x86_64)
    • libudev1-32bit-228-150.7.1
    • libsystemd0-debuginfo-32bit-228-150.7.1
    • systemd-32bit-228-150.7.1
    • libudev1-debuginfo-32bit-228-150.7.1
    • systemd-debuginfo-32bit-228-150.7.1
    • libsystemd0-32bit-228-150.7.1

References: