{"affected":[{"ecosystem_specific":{"binaries":[{"libsystemd0":"234-lp150.20.15.1","libsystemd0-32bit":"234-lp150.20.15.1","libsystemd0-mini":"234-lp150.20.15.1","libudev-devel":"234-lp150.20.15.1","libudev-devel-32bit":"234-lp150.20.15.1","libudev-mini-devel":"234-lp150.20.15.1","libudev-mini1":"234-lp150.20.15.1","libudev1":"234-lp150.20.15.1","libudev1-32bit":"234-lp150.20.15.1","nss-myhostname":"234-lp150.20.15.1","nss-myhostname-32bit":"234-lp150.20.15.1","nss-mymachines":"234-lp150.20.15.1","nss-mymachines-32bit":"234-lp150.20.15.1","nss-systemd":"234-lp150.20.15.1","systemd":"234-lp150.20.15.1","systemd-32bit":"234-lp150.20.15.1","systemd-bash-completion":"234-lp150.20.15.1","systemd-container":"234-lp150.20.15.1","systemd-coredump":"234-lp150.20.15.1","systemd-devel":"234-lp150.20.15.1","systemd-logger":"234-lp150.20.15.1","systemd-mini":"234-lp150.20.15.1","systemd-mini-bash-completion":"234-lp150.20.15.1","systemd-mini-container-mini":"234-lp150.20.15.1","systemd-mini-coredump-mini":"234-lp150.20.15.1","systemd-mini-devel":"234-lp150.20.15.1","systemd-mini-sysvinit":"234-lp150.20.15.1","systemd-sysvinit":"234-lp150.20.15.1","udev":"234-lp150.20.15.1","udev-mini":"234-lp150.20.15.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"systemd","purl":"pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"234-lp150.20.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsystemd0":"234-lp150.20.15.1","libsystemd0-32bit":"234-lp150.20.15.1","libsystemd0-mini":"234-lp150.20.15.1","libudev-devel":"234-lp150.20.15.1","libudev-devel-32bit":"234-lp150.20.15.1","libudev-mini-devel":"234-lp150.20.15.1","libudev-mini1":"234-lp150.20.15.1","libudev1":"234-lp150.20.15.1","libudev1-32bit":"234-lp150.20.15.1","nss-myhostname":"234-lp150.20.15.1","nss-myhostname-32bit":"234-lp150.20.15.1","nss-mymachines":"234-lp150.20.15.1","nss-mymachines-32bit":"234-lp150.20.15.1","nss-systemd":"234-lp150.20.15.1","systemd":"234-lp150.20.15.1","systemd-32bit":"234-lp150.20.15.1","systemd-bash-completion":"234-lp150.20.15.1","systemd-container":"234-lp150.20.15.1","systemd-coredump":"234-lp150.20.15.1","systemd-devel":"234-lp150.20.15.1","systemd-logger":"234-lp150.20.15.1","systemd-mini":"234-lp150.20.15.1","systemd-mini-bash-completion":"234-lp150.20.15.1","systemd-mini-container-mini":"234-lp150.20.15.1","systemd-mini-coredump-mini":"234-lp150.20.15.1","systemd-mini-devel":"234-lp150.20.15.1","systemd-mini-sysvinit":"234-lp150.20.15.1","systemd-sysvinit":"234-lp150.20.15.1","udev":"234-lp150.20.15.1","udev-mini":"234-lp150.20.15.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"systemd-mini","purl":"pkg:rpm/opensuse/systemd-mini&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"234-lp150.20.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for systemd fixes the following issues:\n\n- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)\n\n- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)\n- logind: fix bad error propagation\n- login: log session state 'closing' (as well as New/Removed)\n- logind: fix borked r check\n- login: don't remove all devices from PID1 when only one was removed\n- login: we only allow opening character devices\n- login: correct comment in session_device_free()\n- login: remember that fds received from PID1 need to be removed eventually\n- login: fix FDNAME in call to sd_pid_notify_with_fds()\n- logind: fd 0 is a valid fd\n- logind: rework sd_eviocrevoke()\n- logind: check file is device node before using .st_rdev\n- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)\n- core: add a new sd_notify() message for removing fds from the FD store again\n- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)\n- fd-util: accept that kcmp might fail with EPERM/EACCES\n- core: Fix use after free case in load_from_path() (bsc#1121563)\n- core: include Found state in device dumps\n- device: fix serialization and deserialization of DeviceFound\n- fix path in btrfs rule (#6844)\n- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)\n- Update systemd-system.conf.xml (bsc#1122000)\n- units: inform user that the default target is started after exiting from rescue or emergency mode\n- core: free lines after reading them (bsc#1123892)\n- sd-bus: if we receive an invalid dbus message, ignore and proceeed\n- automount: don't pass non-blocking pipe to kernel.\n  \nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:0255-1","modified":"2019-03-23T11:07:53Z","published":"2019-03-23T11:07:53Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVC3OWGGMGT5GMZC57YPFU4GL6LK2NEL/#PVC3OWGGMGT5GMZC57YPFU4GL6LK2NEL"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117025"},{"type":"REPORT","url":"https://bugzilla.suse.com/1121563"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122000"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123333"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123727"},{"type":"REPORT","url":"https://bugzilla.suse.com/1123892"},{"type":"REPORT","url":"https://bugzilla.suse.com/1124153"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-6454"}],"related":["CVE-2019-6454"],"summary":"Security update for systemd","upstream":["CVE-2019-6454"]}