------------------------------------------------------------------------- Debian LTS Advisory DLA-4259-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Carlos Henrique Lima Melara July 30, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : systemd Version : 247.3-7+deb11u7 CVE ID : CVE-2025-4598 Debian Bug : 1106785 The Qualys Threat Research Unit (TRU) discovered that systemd-coredump is prone to a kill-and-replace race condition which may allow a local attacker to gain sensitive information from crashed SUID processes. Additionally systemd-coredump does not specify %d (the kernel's per- process "dumpable" flag) in /proc/sys/kernel/core_pattern allowing a local attacker to crash root daemons that fork() and setuid() to the attacker's uid and consequently gain read access to the resulting core dumps and therefore to sensitive information from memory of the root daemons. Details can be found in the Qualys advisory at https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt For Debian 11 bullseye, this problem has been fixed in version 247.3-7+deb11u7. We recommend that you upgrade your systemd packages. For the detailed security status of systemd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/systemd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature