security update in Fedora 29 for systemd

Status: stable 9 months ago
  • Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
  • Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
  • Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
  • The DHCP server is started only when link is UP
  • DHCPv6 prefix delegation is improved
  • Downgrade logging of various messages and add loging in other places
  • Many many fixes in error handling and minor memory leaks and such
  • Fix typos and omissions in documentation
  • Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
  • Matching by MACAddress= in systemd-networkd is fixed
  • Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
  • systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
  • Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
  • "systemctl --wait start" exits immediately if no valid units are named
  • zram devices are not considered as candidates for hibernation
  • ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)
  • Various smaller improvements to unit ordering and dependencies
  • generators are now called with the manager's environment
  • Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
  • The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
  • Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.
  • "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present
  • Hibernation is not advertised if resume= is not present on the kernenl command line
  • Hibernation/Suspend/... modes can be disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
  • LOGO= and DOCUMENTATION_URL= are documented for the os-release file
  • The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
  • Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
  • Catalog entries for the journal are improved (#1639482)
  • If suspend fails, the post-suspend hooks are still called.
  • Various build issues on less-common architectures are fixed

No need to reboot or log out.

Comments 12

This update has been submitted for testing by zbyszek.

I have /var installed on a sepatate partition and after this update Setroubleshoot produces following messages:

SELinux is preventing systemd-logind from read access on the blk_file
SELinux is preventing systemd-logind from open access on the blk_file
SELinux is preventing systemd-logind from ioctl access on the blk_file
karma: +1 critpath: +1

Works just fine so far :)

karma: +1 critpath: +1

I have installed this update and I do not see any problems so far.

I upgraded to systemd-239-6.git9f3aed1.fc29 from Koji. When I logged into Plasma twice after the systemd update, I saw the following denial of systemd-user-ru reading dbus-1 both times. I put the details in the report at https://bugzilla.redhat.com/show_bug.cgi?id=1644313 systemd seems to be running normally otherwise.

karma: +1 critpath: +1 Services start: +1 base services start: +1

As it revealed later, Setroubleshoot messages I mentioned above were referred not to /var, but to UEFI BIOS partition.

This update has been pushed to testing.

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted 10 months ago
in testing 10 months ago
in stable 9 months ago

Related Bugs 5

00 #1639067 CVE-2018-15688 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
00 #1639071 CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec
00 #1639076 CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
0+2 #1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
00 #1642460 Invalid bug number

Automated Test Results

Test Cases

0+3 Test Case Services start
0+1 Test Case base service manipulation
0+3 Test Case base services start
0+1 Test Case base shutdown/reboot