diff --git a/SPECS/util-linux/CVE-2025-14104.patch b/SPECS/util-linux/CVE-2025-14104.patch
new file mode 100644
index 00000000000..57beccde3db
--- /dev/null
+++ b/SPECS/util-linux/CVE-2025-14104.patch
@@ -0,0 +1,30 @@
+From 0ee23acab74d6b15cba6eaf9eee0454ca045065a Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah
+Date: Mon, 26 May 2025 10:06:02 +0100
+Subject: [PATCH] Update bufflen
+
+Update buflen
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a.patch
+---
+ login-utils/setpwnam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 3e3c1ab..0d20621 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ goto fail;
+
+ namelen = strlen(pwd->pw_name);
+-
++ if (namelen > buflen)
++ buflen += namelen;
+ linebuf = malloc(buflen);
+ if (!linebuf)
+ goto fail;
+--
+2.45.4
+
diff --git a/SPECS/util-linux/util-linux.spec b/SPECS/util-linux/util-linux.spec
index 46172181d63..e9211963379 100644
--- a/SPECS/util-linux/util-linux.spec
+++ b/SPECS/util-linux/util-linux.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for file systems, consoles, partitions, and messages
 Name: util-linux
 Version: 2.37.4
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -14,6 +14,7 @@ Source3: su
 Source4: su-l
 Patch0: libblkid-src-probe-check-for-ENOMEDIUM.patch
 Patch1: 0001-wall-fix-escape-sequence-Injection-CVE-2024-28085.patch
+Patch2: CVE-2025-14104.patch
 BuildRequires: audit-devel
 BuildRequires: libcap-ng-devel
 BuildRequires: libselinux-devel
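Review bot: The guard added in the embedded setpwnam.c hunk, `if (namelen > buflen)`, leaves buflen unchanged when namelen is exactly equal to buflen, so a name as long as the initial buffer still gets an allocation with no room beyond the name itself. If code further down in setpwnam indexes linebuf at offset namelen (that code is outside this hunk, so this is inferred), the read would land one byte past the allocation; `if (namelen >= buflen)` would close the boundary case. The type and starting value of buflen are also outside the hunk, so it is worth confirming that `buflen += namelen` cannot wrap for the name lengths that can reach this function. Because this is a backport of a single upstream commit, compare the patched function against current upstream to see whether a companion or follow-up change to the same check exists before carrying only this one.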
@@ -152,6 +153,9 @@ rm -rf %{buildroot}/lib/systemd/system
 %{_mandir}/man3/*
 %changelog
+* Mon Dec 15 2025 Azure Linux Security Servicing Account - 2.37.4-10
+- Patch for CVE-2025-14104
+
 * Thu Apr 18 2024 Bala - 2.37.4-9
 - Patch CVE-2024-28085 in wall command
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 7c568641d01..081c4680942 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -66,9 +66,9 @@ make-4.3-3.cm2.aarch64.rpm
 patch-2.7.6-8.cm2.aarch64.rpm
 libcap-ng-0.8.2-2.cm2.aarch64.rpm
 libcap-ng-devel-0.8.2-2.cm2.aarch64.rpm
-util-linux-2.37.4-9.cm2.aarch64.rpm
-util-linux-devel-2.37.4-9.cm2.aarch64.rpm
-util-linux-libs-2.37.4-9.cm2.aarch64.rpm
+util-linux-2.37.4-10.cm2.aarch64.rpm
+util-linux-devel-2.37.4-10.cm2.aarch64.rpm
+util-linux-libs-2.37.4-10.cm2.aarch64.rpm
 tar-1.34-3.cm2.aarch64.rpm
 xz-5.2.5-1.cm2.aarch64.rpm
 xz-devel-5.2.5-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 0b1c921738f..cb08b8dd6d0 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -66,9 +66,9 @@ make-4.3-3.cm2.x86_64.rpm
 patch-2.7.6-8.cm2.x86_64.rpm
 libcap-ng-0.8.2-2.cm2.x86_64.rpm
 libcap-ng-devel-0.8.2-2.cm2.x86_64.rpm
-util-linux-2.37.4-9.cm2.x86_64.rpm
-util-linux-devel-2.37.4-9.cm2.x86_64.rpm
-util-linux-libs-2.37.4-9.cm2.x86_64.rpm
+util-linux-2.37.4-10.cm2.x86_64.rpm
+util-linux-devel-2.37.4-10.cm2.x86_64.rpm
+util-linux-libs-2.37.4-10.cm2.x86_64.rpm
 tar-1.34-3.cm2.x86_64.rpm
 xz-5.2.5-1.cm2.x86_64.rpm
 xz-devel-5.2.5-1.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index bf9e0106e30..a5b6ded96eb 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -572,11 +572,11 @@ texinfo-6.8-1.cm2.aarch64.rpm
 texinfo-debuginfo-6.8-1.cm2.aarch64.rpm
 unzip-6.0-22.cm2.aarch64.rpm
 unzip-debuginfo-6.0-22.cm2.aarch64.rpm
-util-linux-2.37.4-9.cm2.aarch64.rpm
-util-linux-debuginfo-2.37.4-9.cm2.aarch64.rpm
-util-linux-devel-2.37.4-9.cm2.aarch64.rpm
-util-linux-lang-2.37.4-9.cm2.aarch64.rpm
-util-linux-libs-2.37.4-9.cm2.aarch64.rpm
+util-linux-2.37.4-10.cm2.aarch64.rpm
+util-linux-debuginfo-2.37.4-10.cm2.aarch64.rpm
+util-linux-devel-2.37.4-10.cm2.aarch64.rpm
+util-linux-lang-2.37.4-10.cm2.aarch64.rpm
+util-linux-libs-2.37.4-10.cm2.aarch64.rpm
 which-2.21-8.cm2.aarch64.rpm
 which-debuginfo-2.21-8.cm2.aarch64.rpm
 xz-5.2.5-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 5fc8546bc38..b16a0963f4d 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -578,11 +578,11 @@ texinfo-6.8-1.cm2.x86_64.rpm
 texinfo-debuginfo-6.8-1.cm2.x86_64.rpm
 unzip-6.0-22.cm2.x86_64.rpm
 unzip-debuginfo-6.0-22.cm2.x86_64.rpm
-util-linux-2.37.4-9.cm2.x86_64.rpm
-util-linux-debuginfo-2.37.4-9.cm2.x86_64.rpm
-util-linux-devel-2.37.4-9.cm2.x86_64.rpm
-util-linux-lang-2.37.4-9.cm2.x86_64.rpm
-util-linux-libs-2.37.4-9.cm2.x86_64.rpm
+util-linux-2.37.4-10.cm2.x86_64.rpm
+util-linux-debuginfo-2.37.4-10.cm2.x86_64.rpm
+util-linux-devel-2.37.4-10.cm2.x86_64.rpm
+util-linux-lang-2.37.4-10.cm2.x86_64.rpm
+util-linux-libs-2.37.4-10.cm2.x86_64.rpm
 which-2.21-8.cm2.x86_64.rpm
 which-debuginfo-2.21-8.cm2.x86_64.rpm
 xz-5.2.5-1.cm2.x86_64.rpm