Synopsis
Low: systemd security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An update for systemd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
- systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 1244691 - systemd journal remote service does not work when multiple virtual machines send logs via journal upload service
- BZ - 1679934 - Spurious "Failed to propagate agent release message" messages on shutdown
- BZ - 1689344 - please add kptr_restrict=1 to /usr/lib/sysctl.conf/50-default.conf
- BZ - 1693374 - Using quotas on iSCSI-hosed filesystems causes systemd "ordering cycle" resulting in random services not starting on boot
- BZ - 1757704 - Restarting systemd-journald to load new configurations causes other daemons stop working
- BZ - 1766477 - Systemd does not attempt to kill child processes if ExecStopPost is set
- BZ - 1769923 - timer: don't use persistent file timestamps from the future
- BZ - 1769928 - systemd leaks memory (in dbus) and spends its time sending PropertiesChanged notifications
- BZ - 1770158 - sd-bus: bump message queue size
- BZ - 1775291 - Services with Restart=always fail to restart when it has a dependent service with StopWhenUnneeded=true
- BZ - 1793979 - CVE-2019-20386 systemd: memory leak in button_open() in login/logind-button.c when udev events are received
- BZ - 1804757 - Mount units end up in erroneous state (not-found active mounted) after daemon reload
- BZ - 1809053 - [Azure][RHEL7.6]Inconsistent creation of symlinks in /dev/disk/by-path in Azure VMs
- BZ - 1812889 - Lazy setup of inotify_fd in sd-journal may cause clients to leak file descriptors
- BZ - 1814028 - Veritas NetBackup Engineering would like an official RHEL method to create /etc/udev/rules.d/60-persistent-tape.rules
- BZ - 1817576 - Backport systemd CollectMode for runc
- BZ - 1828953 - systemd segfaults reloading while serializing a service executing a ExecStartPost command [rhel-7.7]
- BZ - 1829754 - systemctl try-restart command hangs indefinitely while being executed during a yum update
- BZ - 1832816 - [Azure][RHEL-7.9]Error in `/usr/lib/systemd/systemd-udevd': double free or corruption
CVEs
References
Vulmon