• Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367)
  • Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372)
  • Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362)
  • Downgrade logging of various messages and add loging in other places
  • Many many fixes in error handling and minor memory leaks and such
  • Fix typos and omissions in documentation
  • Various smaller improvements to unit ordering and dependencies
  • Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
  • The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
  • Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.
  • Catalog entries for the journal are improved (#1639482)

No need to reboot or log out.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-24bd6c9d4a

This update has been submitted for testing by zbyszek.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon imabug provided feedback 2 years ago
karma
User Icon hreindl commented & provided feedback 2 years ago
karma

works for me

User Icon samoht0 commented & provided feedback 2 years ago
karma

works for me

This update has been submitted for batched by bodhi.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
0
0
BZ#1643362 CVE-2018-15688 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling [fedora-all]
0
0
BZ#1643367 CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges [fedora-all]
0
0
BZ#1643372 CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case Services start
0 0 Test Case base service manipulation
0 0 Test Case base services start
0 0 Test Case base shutdown/reboot
0 0 Test Case User:Tablepc/Draft testcase reboot