[Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-4598

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 29 21:23:06 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38387dbe by Salvatore Bonaccorso at 2025-05-29T22:22:55+02:00
Update information on CVE-2025-4598

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -130,16 +130,26 @@ CVE-2025-37993 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-4598
 	- systemd 257.6-1 (bug #1106785)
 	NOTE: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
-	NOTE: For a comprehensive fix a kernel change is required too: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea
-	NOTE: Fixed by https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6 (v258)
-	NOTE: Fixed by https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc (v258)
-	NOTE: Fixed by https://github.com/systemd/systemd/commit/c58a8a6ec9817275bb4babaa2c08e0e35090d4e3 (v257.6)
-	NOTE: Fixed by https://github.com/systemd/systemd/commit/61556694affa290c0a16d48717b3892b85622d96 (v257.6)
-	NOTE: Fixed by https://github.com/systemd/systemd/commit/19d439189ab85dd7222bdd59fd442bbcc8ea99a7 (v256.16)
-	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/254ab8d2a7866679cee006d844d078774cbac3c9 (v255.21)
-	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/7fc7aa5a4d28d7768dfd1eb85be385c3ea949168 (v254.26)
-	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/19b228662e0fcc6596c0395a0af8486a4b3f1627 (v253.33)
-	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0 (v252.38)
+	NOTE: For a comprehensive fix a kernel change is required (to hand a pidfd to the usermode
+	NOTE: coredump helper):
+	NOTE: https://git.kernel.org/linus/b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea
+	NOTE: https://github.com/systemd/systemd/commit/49f1f2d4a7612bbed5211a73d11d6a94fbe3bb69 (main)
+	NOTE: https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6 (main)
+	NOTE: https://github.com/systemd/systemd/commit/8fc7b2a211eb13ef1a94250b28e1c79cab8bdcb9 (main)
+	NOTE: https://github.com/systemd/systemd/commit/13902e025321242b1d95c6d8b4e482b37f58cdef (main)
+	NOTE: https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc (main)
+	NOTE: https://github.com/systemd/systemd/commit/e6a8687b939ab21854f12f59a3cce703e32768cf (main)
+	NOTE: https://github.com/systemd/systemd/commit/76e0ab49c47965877c19772a2b3bf55f6417ca39 (main)
+	NOTE: https://github.com/systemd/systemd/commit/9ce8e3e449def92c75ada41b7d10c5bc3946be77 (main)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6 (v258)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc (v258)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/c58a8a6ec9817275bb4babaa2c08e0e35090d4e3 (v257.6)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/61556694affa290c0a16d48717b3892b85622d96 (v257.6)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/19d439189ab85dd7222bdd59fd442bbcc8ea99a7 (v256.16)
+	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/254ab8d2a7866679cee006d844d078774cbac3c9 (v255.21)
+	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/7fc7aa5a4d28d7768dfd1eb85be385c3ea949168 (v254.26)
+	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/19b228662e0fcc6596c0395a0af8486a4b3f1627 (v253.33)
+	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0 (v252.38)
 CVE-2025-5054
 	NOT-FOR-US: Apport
 CVE-2025-27464



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38387dbeb00439c842cffde77f021645992b1b6a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38387dbeb00439c842cffde77f021645992b1b6a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250529/fd3e012c/attachment.htm>

More information about the debian-security-tracker-commits mailing list