Описание
ELSA-2025-22660: systemd security update (MODERATE)
[252-55.0.3.7]
- serialize: don't allocate 1M on the stack just like that [LINUX-16166]
- Route logs from container mapped uids to the system journal [Orabug: 38135007]
- Drop delay when nspawn fails to reset loginuid [Orabug: 37793135]
- Improve logging for api bus connection and subscribers [Orabug: 38040980]
- Defer processing of timeout events in sd-bus api [Orabug: 38064217]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Add bus description to sd-bus outgoing sockets [Orabug: 37347576]
- Add log messages about daemon-reload requester and duration [Orabug: 37347576]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319]
- 1B) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
- Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to
- previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
[252-55.7]
- core: fix array size in unit_log_resources() (RHEL-132120)
[252-55.6]
- timer: rebase last_trigger timestamp if needed (RHEL-127022)
[252-55.5]
- test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER (RHEL-127022)
- test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-127022)
- test: check the next elapse timer timestamp after deserialization (RHEL-127022)
- timer: don't run service immediately after restart of a timer (RHEL-127022)
- test: store and compare just the property value (RHEL-127022)
- timer: rebase the next elapse timestamp only if timer didn't already run (RHEL-127022)
- coredump: handle ENOBUFS and EMSGSIZE the same way (RHEL-126114)
[252-55.4]
- cryptsetup: Add optional support for linking volume key in keyring. (RHEL-118294)
- cryptsetup: fix typo (RHEL-118294)
- cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined (RHEL-118294)
- basic: add PIDFS magic (#31709) (RHEL-118294)
- time-util: make USEC_TIMESTAMP_FORMATTABLE_MAX for 32bit system off by one day (RHEL-118294)
- coredump: make check that all argv[] meta data fields are passed strict (RHEL-104138)
- coredump: restore compatibility with older patterns (RHEL-104138)
- coredump: use %d in kernel core pattern (RHEL-104138)
- pidref: add structure that can reference a pid via both pidfd and pid_t (RHEL-104138)
- fd-util: introduce parse_fd() (RHEL-104138)
- coredump: add support for new %F PIDFD specifier (RHEL-104138)
[252-55.2]
- Revert 'test-time-util: disable failing tests' (RHEL-110954)
- test: use get_timezones() to iterate all known timezones (RHEL-110954)
- test-time-util: do not fail on DST change (RHEL-110954)
- test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone (RHEL-110954)
- test-time-util: do more suppression of time zone checks (RHEL-110954)
- test-time-util: fix truncation of usec to sec (RHEL-110954)
- test: unset TZ before timezone-sensitive unit tests are run (RHEL-110954)
- meson: extend timeout for test-time-util (RHEL-110954)
- time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro (RHEL-110954)
- time-util: align string table (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: add assertions (RHEL-110954)
- time-util: drop redundant else (RHEL-110954)
- time-util: do not use strdupa() (RHEL-110954)
- time-util: use result from startswith_no_case() (RHEL-110954)
- time-util: use usec_add() and usec_sub_unsigned() (RHEL-110954)
- time-util: shorten code a bit (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: drop unnecessary assignment of timezone name (RHEL-110954)
- time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec (RHEL-110954)
- time-util: fix typo (RHEL-110954)
- ci: bump the tools tree to F42 (RHEL-110954)
[252-55.1]
- meson: /etc/systemd/network is also used by udevd (RHEL-111611)
- test: add tests for format_timestamp() and parse_timestamp() with various timezone (RHEL-110954)
- test-time-util: disable failing tests (RHEL-110954)
- test: test parse_timestamp() in various timezone (RHEL-110954)
- systemctl: logind: add missing asserts (RHEL-110954)
- systemctl: logind: make logind_schedule_shutdown accept action as param (RHEL-110954)
- systemctl: add option --when for scheduled shutdown (RHEL-110954)
- test-time-util: add test cases to invalidate 'show' and 'cancel' (RHEL-110954)
- sd-bus: make bus_add_match_full accept timeout (RHEL-111630)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service (RHEL-111630)
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (RHEL-111630)
- core,sd-bus: drop empty lines between function call and error check (RHEL-111630)
- core: do not disconnect from bus when failed to install signal match (RHEL-111630)
- dbus: stash the subscriber list when we disconenct from the bus (RHEL-111630)
- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-111630)
- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-111630)
- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-111630)
- core/manager: drop duplicate bus track deserialization (RHEL-111630)
- sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-111630)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
systemd-boot-unsigned
252-55.0.3.el9_7.7
rhel-net-naming-sysattrs
252-55.0.3.el9_7.7
systemd
252-55.0.3.el9_7.7
systemd-container
252-55.0.3.el9_7.7
systemd-libs
252-55.0.3.el9_7.7
systemd-oomd
252-55.0.3.el9_7.7
systemd-pam
252-55.0.3.el9_7.7
systemd-resolved
252-55.0.3.el9_7.7
systemd-rpm-macros
252-55.0.3.el9_7.7
systemd-udev
252-55.0.3.el9_7.7
systemd-devel
252-55.0.3.el9_7.7
systemd-journal-remote
252-55.0.3.el9_7.7
systemd-ukify
252-55.0.3.el9_7.7
Oracle Linux x86_64
systemd-devel
252-55.0.3.el9_7.7
systemd-journal-remote
252-55.0.3.el9_7.7
systemd-ukify
252-55.0.3.el9_7.7
systemd-boot-unsigned
252-55.0.3.el9_7.7
rhel-net-naming-sysattrs
252-55.0.3.el9_7.7
systemd
252-55.0.3.el9_7.7
systemd-container
252-55.0.3.el9_7.7
systemd-libs
252-55.0.3.el9_7.7
systemd-oomd
252-55.0.3.el9_7.7
systemd-pam
252-55.0.3.el9_7.7
systemd-resolved
252-55.0.3.el9_7.7
systemd-rpm-macros
252-55.0.3.el9_7.7
systemd-udev
252-55.0.3.el9_7.7
Связанные CVE
Связанные уязвимости
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
A vulnerability was found in systemd-coredump. This flaw allows an att ...