LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2012-2557 (systemd)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 16 Update: systemd-37-15.fc16 


Date:
    	      Sun, 11 Mar 2012 23:20:39 +0000


Message-ID:
    	      <20120311232039.0E766210CD@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2557
2012-02-28 09:13:18
--------------------------------------------------------------------------------

Name        : systemd
Product     : Fedora 16
Version     : 37
Release     : 15.fc16
URL         : http://www.freedesktop.org/wiki/Software/systemd
Summary     : A System and Service Manager
Description :
systemd is a system and service manager for Linux, compatible with
SysV and LSB init scripts. systemd provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux cgroups, supports snapshotting and restoring of the system
state, maintains mount and automount points and implements an
elaborate transactional dependency-based service control logic. It can
work as a drop-in replacement for sysvinit.

--------------------------------------------------------------------------------
Update Information:

This systemd update adds several fixes:

* logind created files under /run/user/ in an insecure manner. A local attacker could create a
symlink inside arbitrary directories (CVE-2012-0871).
* permissions of PrivateTmp directories (RHBZ#790522)
* timedated did not run without ntp installed (RHBZ#790260)
* logind: allow PowerOff and Reboot via polkit
* loading of empty files in read_one_line_file() (fdo#45362)
* fix cgit URLs in manpages
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  1 2012 Michal Schmidt <mschmidt@redhat.com> - 37-15
- logind: move X11 socket
* Mon Feb 27 2012 Michal Schmidt <mschmidt@redhat.com> - 37-14
- A few fixes from upstream:
  - PrivateTmp permissions (#790522)
  - timedated without ntp installed (#790260)
  - logind: allow PowerOff and Reboot via polkit
  - loading empty files in read_one_line_file() (fdo#45362)
  - fix cgit URLs in manpages
* Thu Feb  9 2012 Michal Schmidt <mschmidt@redhat.com> - 37-13
- Minor fixes and some manpage updates from upstream.
* Sun Jan 29 2012 Michal Schmidt <mschmidt@redhat.com> - 37-12
- Avoid a glitch with plymouth (#785548).
- Fix logind capabilities.
* Thu Jan 26 2012 Michal Schmidt <mschmidt@redhat.com> - 37-11
- Fix automount regression.
* Sat Jan 21 2012 Michal Schmidt <mschmidt@redhat.com> - 37-10
- Fix occasionally failing socket units with Accept=yes (#783344).
* Fri Jan 20 2012 Michal Schmidt <mschmidt@redhat.com> - 37-9
- Fix a crash related to pid file watch and daemon-reload (#783118).
- Added Conflicts with known broken spamassassin.
* Tue Jan 17 2012 Michal Schmidt <mschmidt@redhat.com> - 37-8
- Shut up another logind message (#727315).
* Sat Jan 14 2012 Michal Schmidt <mschmidt@redhat.com> - 37-7
- Fix for quota and a couple of other issues.
* Wed Jan 11 2012 Michal Schmidt <mschmidt@redhat.com> - 37-6
- Fixes and low-risk enhancements (no journald) from upstream v38.
* Fri Dec  2 2011 Karsten Hopp <karsten@redhat.com> - 37-5
- add upstream patch for bugzilla 744415, encrypted filesystem passphrases 
  fail on runtime systems in hvc consoles
* Tue Nov 15 2011 Michal Schmidt <mschmidt@redhat.com> - 37-4
- Run authconfig if /etc/pam.d/system-auth is not a symlink.
- Resolves: #753160
* Wed Nov  2 2011 Michal Schmidt <mschmidt@redhat.com> - 37-3
- Fix remote-fs-pre.target and its ordering.
- Resolves: #749940
* Wed Oct 19 2011 Michal Schmidt <mschmidt@redhat.com> - 37-2
- A couple of fixes from upstream:
- Fix a regression in bash-completion reported in Bodhi.
- Fix a crash in isolating.
- Resolves: #717325
* Tue Oct 11 2011 Lennart Poettering <lpoetter@redhat.com> - 37-1
- New upstream release
- Resolves: #744726, #718464, #713567, #713707, #736756
* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-5
- Undo the workaround. Kay says it does not belong in systemd.
- Unresolves: #741655
* Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-4
- Workaround for the crypto-on-lvm-on-crypto disk layout
- Resolves: #741655
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #795853 - CVE-2012-0871 systemd: insecure file creation may lead to elevated
privileges
        https://bugzilla.redhat.com/show_bug.cgi?id=795853
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update systemd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds