Hi,
Regarding the missing patch:
On Tue, Jun 10, 2025 at 07:06:58AM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Jun 06, 2025 at 03:20:27AM +0200, Solar Designer wrote:
> > In your message to linux-distros, you shared these two patches:
> >
> > 0001-coredump-get-rid-of-_META_MANDATORY_MAX
Hi Alexander,
On Fri, Jun 06, 2025 at 03:20:27AM +0200, Solar Designer wrote:
> In your message to linux-distros, you shared these two patches:
>
> 0001-coredump-get-rid-of-_META_MANDATORY_MAX.patch
> 0003-coredump-also-stop-forwarding-non-dumpable-processes.patch
>
> So it looks like you omitte
On 06/06/2025 03:49, Solar Designer wrote:
> On Thu, Jun 05, 2025 at 05:31:41AM +0200, Solar Designer wrote:
This general issue in the Linux kernel is indeed not new:
https://www.openwall.com/lists/oss-security/2012/02/08/2
https://www.openwall.com/lists/kernel-hardening/2012/02/10/1
As I re
On Thu, Jun 05, 2025 at 05:31:41AM +0200, Solar Designer wrote:
> On Tue, Jun 03, 2025 at 10:16:52AM +0200, Vegard Nossum wrote:
> > newgrp: fix potential string injection
> >
> > Since newgrp is setuid-root, any write() system calls it does in order
> > to print error messages will be done as the
Hi Zbigniew,
On Thu, May 29, 2025 at 05:17:08PM +, Qualys Security Advisory wrote:
> - always take account of the kernel's per-process "dumpable" flag (the
> %d specifier), in every code path, to decide whether a non-root user
> should be given read access to a core dump or not;
Thank you
Hi Marco,
On Tue, Jun 03, 2025 at 07:20:25PM -0300, Marco Benatto wrote:
> > Meanwhile, Red Hat confirms RHEL 9 and 10 are affected, and curiously
> > lists not only systemd, but also NetworkManager and rpm-ostree among
> > affected packages - I wonder why?
>
> This was brought to my attention an
On Tue, Jun 03, 2025 at 10:16:52AM +0200, Vegard Nossum wrote:
> On 03/06/2025 06:05, Solar Designer wrote:
> >With the PID range reduced from the default of 4M down to 2K, PID reuse
> >is quick even with simple fork(). I am getting frequent unix_chkpwd
> >coredumps (without password hashes in the
On Wed, Jun 04, 2025 at 09:52:43AM +0200, David Fernandez Gonzalez wrote:
> >I think I implemented most of what Qualys described (of the parts
> >relevant to systemd-coredump rather than only to apport), except that I
> >simply use fork() rather than clone() (slower PID reuse) and I didn't
> >imple
Hi,
Hi,
Great findings by Qualys, as usual!
Below are some comments on my attempt at reproducing the issue against
Rocky Linux 9.5's systemd-coredump (systemd-252-46.el9_5.3.x86_64):
On Thu, May 29, 2025 at 05:17:08PM +, Qualys Security Advisory wrote:
Local information disclosure in sys
Hi Alexander,
> Meanwhile, Red Hat confirms RHEL 9 and 10 are affected, and curiously
> lists not only systemd, but also NetworkManager and rpm-ostree among
> affected packages - I wonder why?
This was brought to my attention and I was checking it here. For the
NetworkManager I could check
that o
On 03/06/2025 06:05, Solar Designer wrote:
With the PID range reduced from the default of 4M down to 2K, PID reuse
is quick even with simple fork(). I am getting frequent unix_chkpwd
coredumps (without password hashes in them, which is as expected without
inotify), but none of them are getting
Hi,
Great findings by Qualys, as usual!
Below are some comments on my attempt at reproducing the issue against
Rocky Linux 9.5's systemd-coredump (systemd-252-46.el9_5.3.x86_64):
On Thu, May 29, 2025 at 05:17:08PM +, Qualys Security Advisory wrote:
> Local information disclosure in systemd-c
On 29/05/2025 19:17, Qualys Security Advisory wrote:
Qualys Security Advisory
Local information disclosure in apport and systemd-coredump
(CVE-2025-5054 and CVE-2025-4598)
The fix for these vulnerabilities is twofold:
- always take account of the kernel's per-process "dumpable" flag (the