stable

Fix CVE-2024-2905

FEDORA-2024-589189d414 created by siosm 2 months ago for Fedora 40

Security fix for CVE-2024-2905. Backport fix for /etc/[g]shadow permissions.


Backport patch to fix https://github.com/coreos/rpm-ostree/issues/4879

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-589189d414

This update has been submitted for testing by siosm.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update has obsoleted rpm-ostree-2024.4-3.fc40, and has inherited its bugs and notes.

2 months ago
siosm provided feedback 2 months ago
BZ#2271585 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file
BZ#2274140 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file [fedora-all]

This update's test gating status has been changed to 'passed'.

2 months ago
adamwill commented & provided feedback 2 months ago

Fix confirmed here. I installed a random Silverblue ISO from January and confirmed the bug ( /etc/shadow and /etc/gshadow were readable as a regular user), then installed from the ISO above and confirmed the fix ( /etc/shadow and /etc/gshadow are no longer readable as a regular user).

BZ#2271585 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file
BZ#2274140 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file [fedora-all]

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

2 months ago

This update has been pushed to stable.

2 months ago


Metadata
Type: security
Severity: high
Karma: 3
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates
submitted: 2 months ago
in testing: 2 months ago
in stable: 2 months ago
approved: 2 months ago

BZ#2271585 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file
0
3
BZ#2274140 CVE-2024-2905 rpm-ostree: world-readable /etc/shadow file [fedora-all]
0
3
