
Fedora 41: Advisory FEDORA-2025-3dc53b7f76 - stalld Denial of Service

fedora
February 8, 2025
Fedora 41 has a new security advisory regarding a critical vulnerability in stalld, CVE-2024-54159, which may lead to denial of service attacks through symlink exploitation.

Summary

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds of runtime for 1 second of clock time.

Update Information:

- Add code to deal with sched_setattr() not being exported in glibc 2.41
- Address CVE-2024-54159 denial of service via symlink attack

Change Log

* Tue Jan 28 2025 Clark Williams - 1.19.8
- Added glibc41 fix to source tree, removed patch
- stalld.h: fix prototype mis-match with cleanup_regex()

* Tue Jan 21 2025 Clark Williams - 1.19.7
- stalld.c: use a more reasonable size for reading /proc/stat
- systemd/Makefile: remove typo in uninstall line
- Makefile: change modes on throttled and stalld
- throttlectl: clean up throttling script due to reported CVE-2024-54159

* Sun Jan 19 2025 Fedora Release Engineering - 1.19.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[1] Bug #2329810 - CVE-2024-54159 stalld: denial of service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2329810

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3dc53b7f76' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: stalld
Product: Fedora 41
Version: 1.19.8
Release: 1.fc41
URL:
Summary: Daemon that finds starving tasks and gives them a temporary boost
