• Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
  • Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
  • Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
  • The DHCP server is started only when link is UP
  • DHCPv6 prefix delegation is improved
  • Downgrade logging of various messages and add logging in other places
  • Many many fixes in error handling and minor memory leaks and such
  • Fix typos and omissions in documentation
  • Typo in %%_environmnentdir rpm macro is fixed (with backwards compatibility preserved)
  • Matching by MACAddress= in systemd-networkd is fixed
  • Creation of user runtime directories is improved, and the user manager is only stopped 10 s after the user logs out (#1642460 and other bugs)
  • systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
  • Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
  • "systemctl --wait start" exits immediately if no valid units are named
  • zram devices are not considered as candidates for hibernation
  • ECN is not requested for both in- and out-going connections (the sysctl override for net.ipv4.tcp_ecn is removed)
  • Various smaller improvements to unit ordering and dependencies
  • generators are now called with the manager's environment
  • Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
  • The target of symlinks in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
  • Filtering of kernel threads is improved. This fixes an issue with newer kernels where hybrid kernel/user threads are used by bpfilter.
  • "noresume" can be used on the kernel command line to force normal boot even if a hibernation image is present
  • Hibernation is not advertised if resume= is not present on the kernel command line
  • Hibernation/Suspend/... modes can be disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
  • LOGO= and DOCUMENTATION_URL= are documented for the os-release file
  • The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
  • Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
  • Catalog entries for the journal are improved (#1639482)
  • If suspend fails, the post-suspend hooks are still called.
  • Various build issues on less-common architectures are fixed

No need to reboot or log out.
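
The long-line fix listed above (CVE-2018-15686, titled in the bug list as "Line splitting via fgets() allows for state injection during daemon-reexec") concerns a reader that treats each fgets() chunk as a complete record. The C example below is added here for illustration and is not systemd code: the key names, CHUNK, MAX_LINE and the sample stream are constructed, and it contrasts a chunk-per-record reader with one that parses whole lines and refuses overlong ones.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* fmemopen(), getline() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 16      /* constructed: small fixed buffer so the cut is visible */
#define MAX_LINE 4096 /* constructed: longest line the strict reader accepts */

/* Constructed state stream: the tail of "note" starts the second fgets() chunk. */
static const char SAMPLE[] = "name=demo\n"
                             "note=xxxxxxxxxxtrusted=1\n";

/* Weak: every fgets() chunk is parsed as if it were a complete record. */
static int naive_sees_trusted(FILE *f) {
    char buf[CHUNK];
    int trusted = 0;
    while (fgets(buf, sizeof buf, f)) {
        buf[strcspn(buf, "\n")] = '\0';
        if (strcmp(buf, "trusted=1") == 0) trusted = 1;
    }
    return trusted;
}

/* Strict: a record is a whole line; an overlong line rejects the stream (-1). */
static int strict_sees_trusted(FILE *f) {
    char *line = NULL;
    size_t cap = 0;
    ssize_t n;
    int trusted = 0;
    while ((n = getline(&line, &cap, f)) != -1) {
        if ((size_t)n > MAX_LINE) { trusted = -1; break; }
        line[strcspn(line, "\n")] = '\0';
        if (strcmp(line, "trusted=1") == 0) trusted = 1;
    }
    free(line);
    return trusted;
}

/* Runs one reader over the constructed sample; -2 means fmemopen() failed. */
static int run_reader(int (*reader)(FILE *)) {
    FILE *f = fmemopen((void *)SAMPLE, sizeof SAMPLE - 1, "r");
    if (!f) return -2;
    int r = reader(f);
    fclose(f);
    return r;
}

int main(void) {
    printf("naive=%d strict=%d\n", run_reader(naive_sees_trusted), run_reader(strict_sees_trusted));
    return 0;
}
```

The weak reader reports the "trusted" entry although the stream only contains "name" and "note" records; the strict reader sees the same bytes as one "note" value.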

How to install

sudo dnf upgrade --advisory=FEDORA-2018-c402eea18b

This update has been submitted for testing by zbyszek.

a year ago
bluepencil commented & provided feedback a year ago

I have /var installed on a separate partition and after this update Setroubleshoot produces the following messages:

SELinux is preventing systemd-logind from read access on the blk_file
SELinux is preventing systemd-logind from open access on the blk_file
SELinux is preventing systemd-logind from ioctl access on the blk_file

sunwire provided feedback a year ago

frantisekz commented & provided feedback a year ago

Works just fine so far :)

lbrabec provided feedback a year ago
BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
Test Case Services start

lruzicka commented & provided feedback a year ago

I have installed this update and I do not see any problems so far.

BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
Test Case Services start

mattf commented & provided feedback a year ago

I upgraded to systemd-239-6.git9f3aed1.fc29 from Koji. When I logged into Plasma twice after the systemd update, I saw the following denial of systemd-user-ru reading dbus-1 both times. I put the details in the report at https://bugzilla.redhat.com/show_bug.cgi?id=1644313 systemd seems to be running normally otherwise.

Test Case Services start

bluepencil commented & provided feedback a year ago

As was revealed later, the Setroubleshoot messages I mentioned above referred not to /var, but to the UEFI BIOS partition.

This update has been pushed to testing.

a year ago

This update has been submitted for batched by bodhi.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: high
Karma: 5
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
BZ#1639067 CVE-2018-15688 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
0
0
BZ#1639071 CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec
0
0
BZ#1639076 CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
0
0
BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
0
2
BZ#1642460 Invalid bug number
0
0

Automated Test Results

Test Cases

0 3 Test Case Services start
0 1 Test Case base service manipulation
0 3 Test Case base services start
0 1 Test Case base shutdown/reboot
0 0 Test Case User:Tablepc/Draft testcase reboot