Bug 34331 - systemd (coredump) new security issue CVE-2025-4598
Summary: systemd (coredump) new security issue CVE-2025-4598
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-06-02 10:20 CEST by Nicolas Salguero
Modified: 2025-06-08 08:23 CEST

See Also:
Source RPM: systemd
CVE: CVE-2025-4598
Status comment:



Description Nicolas Salguero 2025-06-02 10:20:33 CEST
CVE-2025-4598 was announced here:
https://openwall.com/lists/oss-security/2025/05/29/3
Nicolas Salguero 2025-06-02 10:21:53 CEST

CVE: (none) => CVE-2025-4598
Source RPM: (none) => systemd-255.18-2.mga10.src.rpm, systemd-253.31-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 1 Nicolas Salguero 2025-06-02 10:56:11 CEST
Debian has issued an advisory on May 29:
https://lists.debian.org/debian-security-announce/2025/msg00095.html
Nicolas Salguero 2025-06-02 10:57:30 CEST

Status comment: (none) => Fixed upstream in 255.21 and 253.33

Comment 2 Nicolas Salguero 2025-06-03 15:00:25 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump. (CVE-2025-4598)

References:
https://openwall.com/lists/oss-security/2025/05/29/3
https://lists.debian.org/debian-security-announce/2025/msg00095.html
========================

Updated packages in core/updates_testing:
========================
lib(64)systemd0-253.33-1.mga9
lib(64)udev1-253.33-1.mga9
lib(64)udev-devel-253.33-1.mga9
nss-myhostname-253.33-1.mga9
systemd-253.33-1.mga9
systemd-devel-253.33-1.mga9
systemd-homed-253.33-1.mga9
systemd-tests-253.33-1.mga9

from SRPM:
systemd-253.33-1.mga9.src.rpm

Source RPM: systemd-255.18-2.mga10.src.rpm, systemd-253.31-1.mga9.src.rpm => systemd-253.31-1.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status comment: Fixed upstream in 255.21 and 253.33 => (none)

katnatek 2025-06-04 01:10:21 CEST

Keywords: (none) => advisory

katnatek 2025-06-04 03:19:33 CEST

Source RPM: systemd-253.31-1.mga9.src.rpm => systemd-253.31-1.mga9

Comment 3 katnatek 2025-06-04 03:24:31 CEST
installing systemd-253.33-1.mga9.x86_64.rpm nss-myhostname-253.33-1.mga9.x86_64.rpm lib64systemd0-253.33-1.mga9.x86_64.rpm lib64udev1-253.33-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/4: lib64systemd0         ##################################################################################################
      2/4: nss-myhostname        ##################################################################################################
      3/4: systemd               ##################################################################################################
      4/4: lib64udev1            ##################################################################################################
      1/4: removing systemd-253.24-3.mga9.x86_64
                                 ##################################################################################################
      2/4: removing lib64systemd0-253.24-3.mga9.x86_64
                                 ##################################################################################################
      3/4: removing nss-myhostname-253.24-3.mga9.x86_64
                                 ##################################################################################################
      4/4: removing lib64udev1-253.24-3.mga9.x86_64
                                 ##################################################################################################
You should restart your computer for systemd

Reboot

System start OK

Queried the services I use with systemctl status; looks good.
Comment 4 Herman Viaene 2025-06-04 17:06:52 CEST
MGA9-64 Plasma Wayland on Compaq H000SB.
No installation issues.
Rebooted after install. All functions I expect (wifi, internet, sound, access to NFS-shares) work OK.

For my curiosity: has the name "systemd" been given/invented by a French person?

CC: (none) => herman.viaene

Comment 5 katnatek 2025-06-04 18:16:35 CEST
(In reply to Herman Viaene from comment #4)
> MGA9-64 Plasma Wayland on Compaq H000SB.
> No installation issues.
> Rebooted after install. All functions I expect (wifi, internet, sound,
> access to NFS-shares) work OK.
> 
> For my curiosity: has the name "systemd" been given/invented by a French
> person?

A German https://en.wikipedia.org/wiki/Lennart_Poettering
Comment 6 katnatek 2025-06-05 01:39:11 CEST
RH i586

installing libsystemd0-253.33-1.mga9.i586.rpm libudev-devel-253.33-1.mga9.i586.rpm nss-myhostname-253.33-1.mga9.i586.rpm libudev1-253.33-1.mga9.i586.rpm systemd-253.33-1.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/5: libudev1              #######################################################################################
      2/5: nss-myhostname        #######################################################################################
      3/5: libsystemd0           #######################################################################################
      4/5: libudev-devel         #######################################################################################
      5/5: systemd               #######################################################################################
      1/5: removing systemd-253.24-3.mga9.i586
                                 #######################################################################################
      2/5: removing libudev-devel-253.24-3.mga9.i586
                                 #######################################################################################
      3/5: removing libudev1-253.24-3.mga9.i586
                                 #######################################################################################
      4/5: removing libsystemd0-253.24-3.mga9.i586
                                 #######################################################################################
      5/5: removing nss-myhostname-253.24-3.mga9.i586
                                 #######################################################################################
You should restart your computer for systemd

Reboot

Audio/Video OK
Services OK
Comment 7 Thomas Andrews 2025-06-05 03:15:35 CEST
MGA9-64 Plasma, i5-7500, nvidia Quadro K620.

No installation issues. Tried a few commands after the reboot, looks OK.

CC: (none) => andrewsfarm

katnatek 2025-06-06 01:18:22 CEST

Source RPM: systemd-253.31-1.mga9 => systemd

PC LX 2025-06-06 01:34:29 CEST

CC: (none) => mageia

Comment 8 Brian Rockwell 2025-06-06 05:06:49 CEST
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

The following 4 packages are going to be installed:

- libsystemd0-253.33-1.mga9.i586
- libudev1-253.33-1.mga9.i586
- nss-myhostname-253.33-1.mga9.i586
- systemd-253.33-1.mga9.i586

275KB of additional disk space will be used.


---rebooted

$ dnf info systemd

Name         : systemd
Version      : 253.33
Release      : 1.mga9
Architecture : i586
Size         : 27 M
Source       : systemd-253.33-1.mga9.src.rpm

Seems to be working as designed.

CC: (none) => brtians1

Comment 9 Brian Rockwell 2025-06-06 05:07:26 CEST
MGA9-64, Xfce

Installed and used for a number of hours. No issues.
Comment 10 Morgan Leijström 2025-06-07 00:18:56 CEST
64bit OK on ASUS Aspire A717

System and test as in Bug 34302 Comment 70 with desktop kernel
Linus kernel Bug 34303 Comment 10

Linus kernel fails hibernating (nouveau), OK with desktop kernel, so I assume systemd is not to blame.

CC: (none) => fri

Comment 11 Thomas Andrews 2025-06-07 02:06:47 CEST
I think that's enough testing. Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 12 Morgan Leijström 2025-06-07 18:00:23 CEST
Yep, while also testing kernels, no issues noted on Thinkpad T43 (i586, LXDE), and 64 bit Plasma on Asus G75V (nvidia470), Thinkpad T510 (nouveau), and my workstation (AMD GPU), all Intel CPUs.
Comment 13 Mageia Robot 2025-06-08 08:23:28 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0178.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

