Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: 2025-99055e8fe5 critical: systemd local information disclosure

fedora
Calendar Grey June 1, 2025
Dist Fedora Esm H88
Solution for sensitive data leakage issue in systemd-coredump for Fedora 42, comprising enhancements to systemd and its associated modules.
Fix for local information disclosure in systemd-coredump (CVE-2025-4598) Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd...

Summary

systemd is a system and service manager that runs as PID 1 and starts the rest

of the system. It provides aggressive parallelization capabilities, uses socket

and D-Bus activation for starting services, offers on-demand starting of

daemons, keeps track of processes using Linux control groups, maintains mount

and automount points, and implements an elaborate transactional dependency-based

service control logic. systemd supports SysV and LSB init scripts and works as a

replacement for sysvinit. Other parts of this package are a logging daemon,

utilities to control basic system configuration like the hostname, date, locale,

maintain a list of logged-in users, system accounts, runtime directories and

settings, and a logging daemons.

This package was built from the v257-stable branch of systemd.

Update Information:

Fix for local information disclosure in systemd-coredump (CVE-2025-4598) Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd-varlink Hardware database update

Topics%20covered

Topics Covered

security advisory Fedora local access threat mitigation information disclosure systemd

Change Log

* Thu May 29 2025 Zbigniew Jędrzejewski-Szmek - 257.6-1 - Version 257.6 - Fix for local information disclosure in systemd-coredump (CVE-2025-4598) - Fixes for systemd itself, run0, systemd-networkd, "secure" pager, man pages, shell completions, sd-boot, sd-varlink - Hardware database update

References


[ 1 ] Bug #2369247 - CVE-2025-4598 systemd: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2369247

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-99055e8fe5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: systemd
Product: Fedora 42
Version: 257.6
Release: 1.fc42
URL: https://systemd.io
Summary: System and Service Manager

Topics%20covered

Topics Covered

security advisory Fedora local access threat mitigation information disclosure systemd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here