Update systemd to the stable backports used in LFS

[Douglas R. Reno]

Update systemd to the stable backports as used in LFS.

[Douglas R. Reno]

{{{
Workaround
==========

- CVE-2018-15688

Disable IPv6 by setting either LinkLocalAddressing=ipv4 or
LinkLocalAddressing=no in the corresponding network configuration file.

Description
===========

- CVE-2018-15686 (privilege escalation)

A security issue has been found in systemd up to and including 239,
where the use of fgets() allows an attacker to escalate privilege via a
crafted service with NotifyAccess.

- CVE-2018-15687 (privilege escalation)

A security issue has been found in systemd up to and including 239,
where a race condition in the chown_one() function can be used to
escalate privileges via a crafted symlink.

- CVE-2018-15688 (arbitrary code execution)

An out-of-bounds write has been found in the dhcpv6 option handing code
of systemd-networkd up to and including v239.

It was discovered that systemd-network does not correctly keep track of
a buffer size  in the dhcp6_option_append_ia() function, when
constructing DHCPv6 packets. This flaw may lead to an integer underflow
that can be used to produce an heap-based buffer overflow. A malicious
host on the same network segment as the victim's one may advertise
itself as a DHCPv6 server and exploit this flaw to cause a Denial of
Service or potentially gain code execution on the victim's machine. The
overflow can be triggered relatively easy by advertising a DHCPv6
server with a server-id >= 493 characters long.

Impact
======

A remote attacker is able to cause arbitrary code execution by
advertising itself as a DHCPv6 server with a specially crafted server-
id. A local attacker can escalate privileges with a specially crafted
service or a crafted symlink.

}}}

[DJ Lucas]

Fixed in r20739.