Oracle alert ELSA-2025-22660 (systemd)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2025-22660 Moderate: Oracle Linux 9 systemd security update | |
| Date: | Fri, 05 Dec 2025 05:17:03 -0800 | |
| Message-ID: | <mailman.133.1764940632.30.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2025-22660 http://linux.oracle.com/errata/ELSA-2025-22660.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm systemd-252-55.0.3.el9_7.7.i686.rpm systemd-252-55.0.3.el9_7.7.x86_64.rpm systemd-boot-unsigned-252-55.0.3.el9_7.7.x86_64.rpm systemd-container-252-55.0.3.el9_7.7.i686.rpm systemd-container-252-55.0.3.el9_7.7.x86_64.rpm systemd-devel-252-55.0.3.el9_7.7.i686.rpm systemd-devel-252-55.0.3.el9_7.7.x86_64.rpm systemd-journal-remote-252-55.0.3.el9_7.7.x86_64.rpm systemd-libs-252-55.0.3.el9_7.7.i686.rpm systemd-libs-252-55.0.3.el9_7.7.x86_64.rpm systemd-oomd-252-55.0.3.el9_7.7.x86_64.rpm systemd-pam-252-55.0.3.el9_7.7.x86_64.rpm systemd-resolved-252-55.0.3.el9_7.7.x86_64.rpm systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm systemd-udev-252-55.0.3.el9_7.7.x86_64.rpm systemd-ukify-252-55.0.3.el9_7.7.noarch.rpm aarch64: rhel-net-naming-sysattrs-252-55.0.3.el9_7.7.noarch.rpm systemd-252-55.0.3.el9_7.7.aarch64.rpm systemd-boot-unsigned-252-55.0.3.el9_7.7.aarch64.rpm systemd-container-252-55.0.3.el9_7.7.aarch64.rpm systemd-devel-252-55.0.3.el9_7.7.aarch64.rpm systemd-journal-remote-252-55.0.3.el9_7.7.aarch64.rpm systemd-libs-252-55.0.3.el9_7.7.aarch64.rpm systemd-oomd-252-55.0.3.el9_7.7.aarch64.rpm systemd-pam-252-55.0.3.el9_7.7.aarch64.rpm systemd-resolved-252-55.0.3.el9_7.7.aarch64.rpm systemd-rpm-macros-252-55.0.3.el9_7.7.noarch.rpm systemd-udev-252-55.0.3.el9_7.7.aarch64.rpm systemd-ukify-252-55.0.3.el9_7.7.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/systemd-252-55.0.... Related CVEs: CVE-2025-4598 Description of changes: [252-55.0.3.7] - serialize: don't allocate 1M on the stack just like that [LINUX-16166] - Route logs from container mapped uids to the system journal [Orabug: 38135007] - Drop delay when nspawn fails to reset loginuid [Orabug: 37793135] - Improve logging for api bus connection and subscribers [Orabug: 38040980] - Defer processing of timeout events in sd-bus api [Orabug: 38064217] - coredump: use %d in kernel core pattern - CVE-2025-4598 - Add bus description to sd-bus outgoing sockets [Orabug: 37347576] - Add log messages about daemon-reload requester and duration [Orabug: 37347576] - Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224] - 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319] - 1B) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319] - 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319] - 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224] - Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469] - shutdown: get only active md arrays. [Orabug: 34467234] - Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407] - Removed unneeded patches from the systemd.spec - 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490] - 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490] - 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110] - Removed the following, associated with [Orabug: 36269319]: - 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch - 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319] - 2C) Remove "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319] - 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319] - 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319] [252-55.7] - core: fix array size in unit_log_resources() (RHEL-132120) [252-55.6] - timer: rebase last_trigger timestamp if needed (RHEL-127022) [252-55.5] - test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER (RHEL-127022) - test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-127022) - test: check the next elapse timer timestamp after deserialization (RHEL-127022) - timer: don't run service immediately after restart of a timer (RHEL-127022) - test: store and compare just the property value (RHEL-127022) - timer: rebase the next elapse timestamp only if timer didn't already run (RHEL-127022) - coredump: handle ENOBUFS and EMSGSIZE the same way (RHEL-126114) [252-55.4] - cryptsetup: Add optional support for linking volume key in keyring. (RHEL-118294) - cryptsetup: fix typo (RHEL-118294) - cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined (RHEL-118294) - basic: add PIDFS magic (#31709) (RHEL-118294) - time-util: make USEC_TIMESTAMP_FORMATTABLE_MAX for 32bit system off by one day (RHEL-118294) - coredump: make check that all argv[] meta data fields are passed strict (RHEL-104138) - coredump: restore compatibility with older patterns (RHEL-104138) - coredump: use %d in kernel core pattern (RHEL-104138) - pidref: add structure that can reference a pid via both pidfd and pid_t (RHEL-104138) - fd-util: introduce parse_fd() (RHEL-104138) - coredump: add support for new %F PIDFD specifier (RHEL-104138) [252-55.2] - Revert "test-time-util: disable failing tests" (RHEL-110954) - test: use get_timezones() to iterate all known timezones (RHEL-110954) - test-time-util: do not fail on DST change (RHEL-110954) - test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone (RHEL-110954) - test-time-util: do more suppression of time zone checks (RHEL-110954) - test-time-util: fix truncation of usec to sec (RHEL-110954) - test: unset TZ before timezone-sensitive unit tests are run (RHEL-110954) - meson: extend timeout for test-time-util (RHEL-110954) - time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro (RHEL-110954) - time-util: align string table (RHEL-110954) - time-util: rename variables (RHEL-110954) - time-util: add assertions (RHEL-110954) - time-util: drop redundant else (RHEL-110954) - time-util: do not use strdupa() (RHEL-110954) - time-util: use result from startswith_no_case() (RHEL-110954) - time-util: use usec_add() and usec_sub_unsigned() (RHEL-110954) - time-util: shorten code a bit (RHEL-110954) - time-util: rename variables (RHEL-110954) - time-util: drop unnecessary assignment of timezone name (RHEL-110954) - time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec (RHEL-110954) - time-util: fix typo (RHEL-110954) - ci: bump the tools tree to F42 (RHEL-110954) [252-55.1] - meson: /etc/systemd/network is also used by udevd (RHEL-111611) - test: add tests for format_timestamp() and parse_timestamp() with various timezone (RHEL-110954) - test-time-util: disable failing tests (RHEL-110954) - test: test parse_timestamp() in various timezone (RHEL-110954) - systemctl: logind: add missing asserts (RHEL-110954) - systemctl: logind: make logind_schedule_shutdown accept action as param (RHEL-110954) - systemctl: add option --when for scheduled shutdown (RHEL-110954) - test-time-util: add test cases to invalidate "show" and "cancel" (RHEL-110954) - sd-bus: make bus_add_match_full accept timeout (RHEL-111630) - core/unit: add get_timeout_start_usec in UnitVTable and define it for service (RHEL-111630) - core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (RHEL-111630) - core,sd-bus: drop empty lines between function call and error check (RHEL-111630) - core: do not disconnect from bus when failed to install signal match (RHEL-111630) - dbus: stash the subscriber list when we disconenct from the bus (RHEL-111630) - manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-111630) - bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-111630) - core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-111630) - core/manager: drop duplicate bus track deserialization (RHEL-111630) - sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-111630) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata