stable

systemd-239-6.git9f3aed1.fc29

FEDORA-2018-c402eea18b created by zbyszek 7 years ago for Fedora 29
  • Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
  • Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
  • Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
  • The DHCP server is started only when link is UP
  • DHCPv6 prefix delegation is improved
  • Downgrade logging of various messages and add loging in other places
  • Many many fixes in error handling and minor memory leaks and such
  • Fix typos and omissions in documentation
  • Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
  • Matching by MACAddress= in systemd-networkd is fixed
  • Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
  • systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
  • Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
  • "systemctl --wait start" exits immediately if no valid units are named
  • zram devices are not considered as candidates for hibernation
  • ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)
  • Various smaller improvements to unit ordering and dependencies
  • generators are now called with the manager's environment
  • Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
  • The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
  • Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user threads are used by bpfilter.
  • "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present
  • Hibernation is not advertised if resume= is not present on the kernenl command line
  • Hibernation/Suspend/... modes can be disabled using AllowSuspend=, AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
  • LOGO= and DOCUMENTATION_URL= are documented for the os-release file
  • The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
  • Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
  • Catalog entries for the journal are improved (#1639482)
  • If suspend fails, the post-suspend hooks are still called.
  • Various build issues on less-common architectures are fixed

No need to reboot or log out.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-c402eea18b

This update has been submitted for testing by zbyszek.

7 years ago
User Icon bluepencil commented & provided feedback 7 years ago

I have /var installed on a sepatate partition and after this update Setroubleshoot produces following messages:

SELinux is preventing systemd-logind from read access on the blk_file
SELinux is preventing systemd-logind from open access on the blk_file
SELinux is preventing systemd-logind from ioctl access on the blk_file
User Icon sunwire provided feedback 7 years ago
karma
User Icon frantisekz commented & provided feedback 7 years ago
karma

Works just fine so far :)

User Icon lbrabec provided feedback 7 years ago
karma
BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
Test Case Services start
Test Case base services start
User Icon lruzicka commented & provided feedback 7 years ago
karma

I have installed this update and I do not see any problems so far.

BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
Test Case Services start
Test Case base service manipulation
Test Case base services start
Test Case base shutdown/reboot
User Icon mattf commented & provided feedback 7 years ago
karma

I upgraded to systemd-239-6.git9f3aed1.fc29 from Koji. When I logged into Plasma twice after the systemd update, I saw the following denial of systemd-user-ru reading dbus-1 both times. I put the details in the report at https://bugzilla.redhat.com/show_bug.cgi?id=1644313 systemd seems to be running normally otherwise.

Test Case Services start
Test Case base services start
User Icon bluepencil commented & provided feedback 7 years ago

As it revealed later, Setroubleshoot messages I mentioned above were referred not to /var, but to UEFI BIOS partition.

This update has been pushed to testing.

7 years ago

This update has been submitted for batched by bodhi.

7 years ago

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
5
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
Builds
1
systemd-239-6.git9f3aed1.fc29
BZ#1639067 CVE-2018-15688 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
0
0
BZ#1639071 CVE-2018-15686 systemd: Line splitting via fgets() allows for state injection during daemon-reexec
0
0
BZ#1639076 CVE-2018-15687 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges
0
0
BZ#1639482 journalctl reports a totally useless ' The start-up result is RESULT.' and "Failed with result 'exit-code'.
0
2
BZ#1642460 Invalid bug number
0
0
systemd-239-6.git9f3aed1.fc29

Automated Test Results

Test Cases
0 3 Test Case Services start
0 1 Test Case base service manipulation
0 3 Test Case base services start
0 1 Test Case base shutdown/reboot
0 0 Test Case User:Tablepc/Draft testcase reboot

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-10-qgq4l.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy