{"affected":[{"ecosystem_specific":{"binaries":[{"libgudev-1_0-0":"210-70.58.1","libgudev-1_0-0-32bit":"210-70.58.1","libudev1":"210-70.58.1","libudev1-32bit":"210-70.58.1","systemd":"210-70.58.1","systemd-32bit":"210-70.58.1","systemd-bash-completion":"210-70.58.1","systemd-sysvinit":"210-70.58.1","udev":"210-70.58.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"systemd","purl":"pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"210-70.58.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libgudev-1_0-0":"210-70.58.1","libgudev-1_0-0-32bit":"210-70.58.1","libudev1":"210-70.58.1","libudev1-32bit":"210-70.58.1","systemd":"210-70.58.1","systemd-32bit":"210-70.58.1","systemd-bash-completion":"210-70.58.1","systemd-sysvinit":"210-70.58.1","udev":"210-70.58.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"systemd","purl":"pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"210-70.58.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for systemd fixes the following security issue:\n\n- CVE-2016-7796: A zero-length message received over systemd's notification socket\n  could make manager_dispatch_notify_fd() return an error and, as a side effect,\n  disable the notification handler completely. As the notification socket is\n  world-writable, this could have allowed a local user to perform a denial-of-service\n  attack against systemd. (bsc#1001765)\n\nAdditionally, the following non-security fixes are included:\n\n- Fix HMAC calculation when appending a data object to journal. (bsc#1000435)\n- Never accept file descriptors from file systems with mandatory locking enabled.\n  (bsc#954374)\n- Do not warn about missing install info with 'preset'. (bsc#970293)  \n- Save /run/systemd/users/UID before starting user@.service. (bsc#996269)\n- Make sure that /var/lib/systemd/sysv-convert/database is always initialized.\n  (bsc#982211)\n- Remove daylight saving time handling and tzfile parser. (bsc#990074)\n- Make sure directory watch is started before cryptsetup. (bsc#987173)\n- Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857)\n- Set KillMode=mixed for our daemons that fork worker processes.\n- Add nosuid and nodev options to tmp.mount.\n- Don't start console-getty.service when /dev/console is missing. (bsc#982251)\n- Correct segmentation fault in udev/path_id due to missing NULL check. (bsc#982210)\n","id":"SUSE-SU-2016:2475-1","modified":"2016-10-07T15:16:23Z","published":"2016-10-07T15:16:23Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162475-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000435"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001765"},{"type":"REPORT","url":"https://bugzilla.suse.com/954374"},{"type":"REPORT","url":"https://bugzilla.suse.com/970293"},{"type":"REPORT","url":"https://bugzilla.suse.com/982210"},{"type":"REPORT","url":"https://bugzilla.suse.com/982211"},{"type":"REPORT","url":"https://bugzilla.suse.com/982251"},{"type":"REPORT","url":"https://bugzilla.suse.com/987173"},{"type":"REPORT","url":"https://bugzilla.suse.com/987857"},{"type":"REPORT","url":"https://bugzilla.suse.com/990074"},{"type":"REPORT","url":"https://bugzilla.suse.com/996269"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7796"}],"related":["CVE-2016-7796"],"summary":"Security update for systemd","upstream":["CVE-2016-7796"]}