{"affected":[{"ecosystem_specific":{"binaries":[{"libudev-devel":"228-157.9.1","systemd-devel":"228-157.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"systemd","purl":"pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"228-157.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsystemd0":"228-157.9.1","libsystemd0-32bit":"228-157.9.1","libudev1":"228-157.9.1","libudev1-32bit":"228-157.9.1","systemd":"228-157.9.1","systemd-32bit":"228-157.9.1","systemd-bash-completion":"228-157.9.1","systemd-sysvinit":"228-157.9.1","udev":"228-157.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"systemd","purl":"pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"228-157.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsystemd0":"228-157.9.1","libsystemd0-32bit":"228-157.9.1","libudev1":"228-157.9.1","libudev1-32bit":"228-157.9.1","systemd":"228-157.9.1","systemd-32bit":"228-157.9.1","systemd-bash-completion":"228-157.9.1","systemd-sysvinit":"228-157.9.1","udev":"228-157.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"systemd","purl":"pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"228-157.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for systemd provides the following fixes:\n\n- CVE-2020-1712 (bsc#bsc#1162108)\n  Fix a heap use-after-free vulnerability, when asynchronous\n  Polkit queries were performed while handling Dbus messages. A local\n  unprivileged attacker could have abused this flaw to crash systemd services or\n  potentially execute code and elevate their privileges, by sending specially\n  crafted Dbus messages.\n- sd-bus: Deal with cookie overruns. (bsc#1150595)\n- rules: Add by-id symlinks for persistent memory. (bsc#1140631)\n- Drop the old fds used for logging and reopen them in the sub process before doing any\n  new logging. (bsc#1154948)\n- Fix warnings thrown during package installation (bsc#1154043)\n- Fix for systemctl hanging by restart. (bsc#1139459)\n- man: mention that alias names are only effective after 'systemctl enable'. (bsc#1151377)\n- ask-password: improve log message when inotify limit is reached. (bsc#1155574)\n- udevd: wait for workers to finish when exiting. (bsc#1106383)\n- core: fragments of masked units ought not be considered for NeedDaemonReload. (bsc#1156482)\n- udev: fix 'NULL' deref when executing rules. (bsc#1151506)\n- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)\n","id":"SUSE-SU-2020:0353-1","modified":"2020-02-06T16:34:47Z","published":"2020-02-06T16:34:47Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200353-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1106383"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127557"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133495"},{"type":"REPORT","url":"https://bugzilla.suse.com/1139459"},{"type":"REPORT","url":"https://bugzilla.suse.com/1140631"},{"type":"REPORT","url":"https://bugzilla.suse.com/1150595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151377"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151506"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154043"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154948"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155574"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156482"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159814"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-1712"}],"related":["CVE-2020-1712"],"summary":"Security update for systemd","upstream":["CVE-2020-1712"]}