[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4259-1] systemd security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4259-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/          Carlos Henrique Lima Melara
July 30, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : systemd
Version        : 247.3-7+deb11u7
CVE ID         : CVE-2025-4598
Debian Bug     : 1106785

The Qualys Threat Research Unit (TRU) discovered that systemd-coredump
is prone to a kill-and-replace race condition which may allow a local
attacker to gain sensitive information from crashed SUID processes.
Additionally systemd-coredump does not specify %d (the kernel's per-
process "dumpable" flag) in /proc/sys/kernel/core_pattern allowing a
local attacker to crash root daemons that fork() and setuid() to the
attacker's uid and consequently gain read access to the resulting core
dumps and therefore to sensitive information from memory of the root
daemons.

Details can be found in the Qualys advisory at
https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt

For Debian 11 bullseye, this problem has been fixed in version
247.3-7+deb11u7.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: