libsystemd0-249.4-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11420-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsystemd0-249.4-2.2 on GA media These are all security issues fixed in the libsystemd0-249.4-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11420 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10156/ SUSE CVE CVE-2016-10156 page https://www.suse.com/security/cve/CVE-2017-15908/ SUSE CVE CVE-2017-15908 page https://www.suse.com/security/cve/CVE-2017-18078/ SUSE CVE CVE-2017-18078 page https://www.suse.com/security/cve/CVE-2017-9445/ SUSE CVE CVE-2017-9445 page https://www.suse.com/security/cve/CVE-2018-15686/ SUSE CVE CVE-2018-15686 page https://www.suse.com/security/cve/CVE-2018-15687/ SUSE CVE CVE-2018-15687 page https://www.suse.com/security/cve/CVE-2018-15688/ SUSE CVE CVE-2018-15688 page https://www.suse.com/security/cve/CVE-2018-16864/ SUSE CVE CVE-2018-16864 page https://www.suse.com/security/cve/CVE-2018-16865/ SUSE CVE CVE-2018-16865 page https://www.suse.com/security/cve/CVE-2018-21029/ SUSE CVE CVE-2018-21029 page https://www.suse.com/security/cve/CVE-2018-6954/ SUSE CVE CVE-2018-6954 page https://www.suse.com/security/cve/CVE-2019-20386/ SUSE CVE CVE-2019-20386 page https://www.suse.com/security/cve/CVE-2019-3842/ SUSE CVE CVE-2019-3842 page https://www.suse.com/security/cve/CVE-2019-3843/ SUSE CVE CVE-2019-3843 page https://www.suse.com/security/cve/CVE-2019-3844/ SUSE CVE CVE-2019-3844 page https://www.suse.com/security/cve/CVE-2019-6454/ SUSE CVE CVE-2019-6454 page https://www.suse.com/security/cve/CVE-2020-13529/ SUSE CVE CVE-2020-13529 page https://www.suse.com/security/cve/CVE-2020-1712/ SUSE CVE CVE-2020-1712 page https://www.suse.com/security/cve/CVE-2021-33910/ SUSE CVE CVE-2021-33910 page openSUSE Tumbleweed libsystemd0-249.4-2.2 libsystemd0-32bit-249.4-2.2 libudev-devel-249.4-2.2 libudev-devel-32bit-249.4-2.2 libudev1-249.4-2.2 libudev1-32bit-249.4-2.2 nss-myhostname-249.4-2.2 nss-myhostname-32bit-249.4-2.2 nss-mymachines-249.4-2.2 nss-mymachines-32bit-249.4-2.2 nss-resolve-249.4-2.2 nss-systemd-249.4-2.2 systemd-249.4-2.2 systemd-32bit-249.4-2.2 systemd-container-249.4-2.2 systemd-coredump-249.4-2.2 systemd-devel-249.4-2.2 systemd-doc-249.4-2.2 systemd-experimental-249.4-2.2 systemd-journal-remote-249.4-2.2 systemd-lang-249.4-2.2 systemd-logger-249.4-2.2 systemd-network-249.4-2.2 systemd-portable-249.4-2.2 systemd-sysvinit-249.4-2.2 systemd-testsuite-249.4-2.2 udev-249.4-2.2 libsystemd0-249.4-2.2 as a component of openSUSE Tumbleweed libsystemd0-32bit-249.4-2.2 as a component of openSUSE Tumbleweed libudev-devel-249.4-2.2 as a component of openSUSE Tumbleweed libudev-devel-32bit-249.4-2.2 as a component of openSUSE Tumbleweed libudev1-249.4-2.2 as a component of openSUSE Tumbleweed libudev1-32bit-249.4-2.2 as a component of openSUSE Tumbleweed nss-myhostname-249.4-2.2 as a component of openSUSE Tumbleweed nss-myhostname-32bit-249.4-2.2 as a component of openSUSE Tumbleweed nss-mymachines-249.4-2.2 as a component of openSUSE Tumbleweed nss-mymachines-32bit-249.4-2.2 as a component of openSUSE Tumbleweed nss-resolve-249.4-2.2 as a component of openSUSE Tumbleweed nss-systemd-249.4-2.2 as a component of openSUSE Tumbleweed systemd-249.4-2.2 as a component of openSUSE Tumbleweed systemd-32bit-249.4-2.2 as a component of openSUSE Tumbleweed systemd-container-249.4-2.2 as a component of openSUSE Tumbleweed systemd-coredump-249.4-2.2 as a component of openSUSE Tumbleweed systemd-devel-249.4-2.2 as a component of openSUSE Tumbleweed systemd-doc-249.4-2.2 as a component of openSUSE Tumbleweed systemd-experimental-249.4-2.2 as a component of openSUSE Tumbleweed systemd-journal-remote-249.4-2.2 as a component of openSUSE Tumbleweed systemd-lang-249.4-2.2 as a component of openSUSE Tumbleweed systemd-logger-249.4-2.2 as a component of openSUSE Tumbleweed systemd-network-249.4-2.2 as a component of openSUSE Tumbleweed systemd-portable-249.4-2.2 as a component of openSUSE Tumbleweed systemd-sysvinit-249.4-2.2 as a component of openSUSE Tumbleweed systemd-testsuite-249.4-2.2 as a component of openSUSE Tumbleweed udev-249.4-2.2 as a component of openSUSE Tumbleweed A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. CVE-2016-10156 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10156.html CVE-2016-10156 https://bugzilla.suse.com/1020601 SUSE Bug 1020601 https://bugzilla.suse.com/1021969 SUSE Bug 1021969 https://bugzilla.suse.com/1086936 SUSE Bug 1086936 In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. CVE-2017-15908 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 4.6 AV:L/AC:L/Au:S/C:N/I:N/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15908.html CVE-2017-15908 https://bugzilla.suse.com/1065276 SUSE Bug 1065276 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. CVE-2017-18078 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-18078.html CVE-2017-18078 https://bugzilla.suse.com/1077925 SUSE Bug 1077925 In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. CVE-2017-9445 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9445.html CVE-2017-9445 https://bugzilla.suse.com/1045290 SUSE Bug 1045290 https://bugzilla.suse.com/1063249 SUSE Bug 1063249 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. CVE-2018-15686 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-15686.html CVE-2018-15686 https://bugzilla.suse.com/1113665 SUSE Bug 1113665 https://bugzilla.suse.com/1120323 SUSE Bug 1120323 A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. CVE-2018-15687 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-15687.html CVE-2018-15687 https://bugzilla.suse.com/1113666 SUSE Bug 1113666 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. CVE-2018-15688 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-15688.html CVE-2018-15688 https://bugzilla.suse.com/1113632 SUSE Bug 1113632 https://bugzilla.suse.com/1113668 SUSE Bug 1113668 https://bugzilla.suse.com/1113669 SUSE Bug 1113669 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. CVE-2018-16864 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16864.html CVE-2018-16864 https://bugzilla.suse.com/1108912 SUSE Bug 1108912 https://bugzilla.suse.com/1120323 SUSE Bug 1120323 https://bugzilla.suse.com/1122265 SUSE Bug 1122265 https://bugzilla.suse.com/1188063 SUSE Bug 1188063 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. CVE-2018-16865 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16865.html CVE-2018-16865 https://bugzilla.suse.com/1108912 SUSE Bug 1108912 https://bugzilla.suse.com/1120323 SUSE Bug 1120323 https://bugzilla.suse.com/1122265 SUSE Bug 1122265 https://bugzilla.suse.com/1188063 SUSE Bug 1188063 ** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent). CVE-2018-21029 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-21029.html CVE-2018-21029 https://bugzilla.suse.com/1155539 SUSE Bug 1155539 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. CVE-2018-6954 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6954.html CVE-2018-6954 https://bugzilla.suse.com/1080919 SUSE Bug 1080919 An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. CVE-2019-20386 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20386.html CVE-2019-20386 https://bugzilla.suse.com/1161436 SUSE Bug 1161436 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". CVE-2019-3842 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3842.html CVE-2019-3842 https://bugzilla.suse.com/1132348 SUSE Bug 1132348 It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. CVE-2019-3843 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3843.html CVE-2019-3843 https://bugzilla.suse.com/1133506 SUSE Bug 1133506 It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. CVE-2019-3844 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3844.html CVE-2019-3844 https://bugzilla.suse.com/1133509 SUSE Bug 1133509 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). CVE-2019-6454 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6454.html CVE-2019-6454 https://bugzilla.suse.com/1125352 SUSE Bug 1125352 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. CVE-2020-13529 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13529.html CVE-2020-13529 https://bugzilla.suse.com/1185972 SUSE Bug 1185972 A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. CVE-2020-1712 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-1712.html CVE-2020-1712 https://bugzilla.suse.com/1162108 SUSE Bug 1162108 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. CVE-2021-33910 openSUSE Tumbleweed:libsystemd0-249.4-2.2 openSUSE Tumbleweed:libsystemd0-32bit-249.4-2.2 openSUSE Tumbleweed:libudev-devel-249.4-2.2 openSUSE Tumbleweed:libudev-devel-32bit-249.4-2.2 openSUSE Tumbleweed:libudev1-249.4-2.2 openSUSE Tumbleweed:libudev1-32bit-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-249.4-2.2 openSUSE Tumbleweed:nss-myhostname-32bit-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-249.4-2.2 openSUSE Tumbleweed:nss-mymachines-32bit-249.4-2.2 openSUSE Tumbleweed:nss-resolve-249.4-2.2 openSUSE Tumbleweed:nss-systemd-249.4-2.2 openSUSE Tumbleweed:systemd-249.4-2.2 openSUSE Tumbleweed:systemd-32bit-249.4-2.2 openSUSE Tumbleweed:systemd-container-249.4-2.2 openSUSE Tumbleweed:systemd-coredump-249.4-2.2 openSUSE Tumbleweed:systemd-devel-249.4-2.2 openSUSE Tumbleweed:systemd-doc-249.4-2.2 openSUSE Tumbleweed:systemd-experimental-249.4-2.2 openSUSE Tumbleweed:systemd-journal-remote-249.4-2.2 openSUSE Tumbleweed:systemd-lang-249.4-2.2 openSUSE Tumbleweed:systemd-logger-249.4-2.2 openSUSE Tumbleweed:systemd-network-249.4-2.2 openSUSE Tumbleweed:systemd-portable-249.4-2.2 openSUSE Tumbleweed:systemd-sysvinit-249.4-2.2 openSUSE Tumbleweed:systemd-testsuite-249.4-2.2 openSUSE Tumbleweed:udev-249.4-2.2 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-33910.html CVE-2021-33910 https://bugzilla.suse.com/1188062 SUSE Bug 1188062 https://bugzilla.suse.com/1188063 SUSE Bug 1188063