Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5931-1] systemd security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5931-1] systemd security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5931-1] systemd security update
  • Date: Thu, 29 May 2025 21:19:54 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1uKkfK-00G1tm-8L AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=GltSjXIY1PXTszGcmf7caucEMixL+OVhDvv4S+rt3gQ=; b=pS yTPzcxgNf3HSqwChkra+eNH5j+ZU9+xwohB4ReVXJWN9jvhkHDtXsMYauvGnWSy1otNv8zDxxfJP9 GJgfSeOUq8p5QjH5FyHVvxc2R5K9lXIiCtZzt4onFnxjUp+f2OPkYNoeVfk+lRI02U1CbZe++PHbU oeb5qGj4JHR/GLI/pOfgNiSpcuzTSAbTIrPQdQYz+yrIhNOFRJ/9KaYCNtRJ49DBgA+vy64/MLt7o hlfAzbPOUsYy/lw26hFTgVc//m+FLhDRSZ8gy1OiKOAhW0C0r3MBnrx8ZdzcTmst1EGTVLCRQvtzt MUdxyP6+I/s1P26XWsIj6enFysYAxq4g==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 29 May 2025 21:36:12 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <se0UrXTjl3B.A.DN1N.LNNOoB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5931-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 29, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : systemd
CVE ID : CVE-2025-4598
Debian Bug : 1106785

The Qualys Threat Research Unit (TRU) discovered that systemd-coredump
is prone to a kill-and-replace race condition which may allow a local
attacker to gain sensitive information from crashed SUID processes.
Additionally systemd-coredump does not specify %d (the kernel's per-
process "dumpable" flag) in /proc/sys/kernel/core_pattern allowing a
local attacker to crash root daemons that fork() and setuid() to the
attacker's uid and consequently gain read access to the resulting core
dumps and therefore to sensitive information from memory of the root
daemons.

Details can be found in the Qualys advisory at
https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt

For the stable distribution (bookworm), this problem has been fixed in
version 252.38-1~deb12u1.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmg4zJ1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S06RAAheycxs4GouWiVJpbNPHg8R7c4gTaU/l3fyED5z/yzgineHlcxF+UVtPU
i1ZkBz3amPnyVdtZiRA6n+U3RyJtPQfYjP9p18wYZ+3KCkW73jkrtC3+VJAXskZq
IZheydwIig6RcYJbM0SW7VpCLIB2Nw89ZH4oZRy5YyBu0nqWfFbDmaJc1+GZyHHF
ILhpt75Aajx16Io8cHlGusQy7gN/n3FmM6PX2ETdkhKr6swMdZClja9jQmv0dh7s
O0Sh/kMNGi+Ki+J+YeA72liY/P+TPsgMShPk7hD0yT/e/dmaiEnoyM0vPNKKRruy
7ESI15HFQP+DbrrzGjKYT3RMI7+3/tqyr29Y/MKBw6Bx+hGiI7rOsvmVo0iLS8aP
J7X2g/qB+DK8LKPux6t32bY3xJMpAFX/ezgAJciaBUSVkrRctxZJfMERhCFSqiZf
dqieq+Dh2k3/fNUca5cIMiDcUeEjR2SeXXusRqKgrxGjHplAFRWUidfAA8E/09+g
jZrzdkwakoB/lL8pQqFMAcc5O9ocetnrjAod4tVFjbTx7+wrmSBJXxMehjc3MSM2
sz4J/Om8JCc18EJutZY8wCoh20i60iJaF1GiUnQCLJdybGhWZrHSUCJ/3cMJVrLa
K0aGYg3WUKS1MEopM3etxD9v7R3JqhztD6kmcGVYlspI/bgqVTE=
=545t
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5931-1] systemd security update, Salvatore Bonaccorso, 29.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang