INFBA-2025:4872: rpm-ostree security update
Information about definition
Identifier: INFBA-2025:4872
Type: bugfix
Release date: 2025-07-25 10:25:00 UTC
Information about package
rpm-ostree is a hybrid image and package system that combines libostree for image-based updates with RPM for package management. It allows for atomic updates, where the entire operating system is updated as a single unit, and also supports layering additional packages on top of the base image. This approach provides a balance between the stability of image-based systems and the flexibility of package-based systems.
Vulnerabilities description
- CVE-2024-2905
A security vulnerability was discovered in rpm-ostree: in default builds, the /etc/shadow file has the world-readable bit enabled. The default permissions are more permissive than recommended, potentially exposing sensitive authentication data to unauthorized access.
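To check a system or a mounted image for the condition described above, the following added example (not part of the advisory or of rpm-ostree) tests the world-readable bit on the credential files under a given root. Checking gshadow and the `-` backup copies is an assumption that goes beyond the advisory, which names only /etc/shadow; the function names and the constructed sample tree are hypothetical.

```shell
#!/bin/sh
# Added example: audit credential files for the world-readable bit
# (the condition described for CVE-2024-2905).
# Assumption: gshadow and the "-" backup copies are included as a
# generalization; the advisory itself names only /etc/shadow.

# world_readable FILE -> exit 0 if FILE exists and has o+r (0004) set.
# find -L follows a symlink so the target's mode is tested, not the link's.
world_readable() {
    [ -e "$1" ] && [ -n "$(find -L "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_shadow_perms [ROOT] -> prints one line per offending file;
# returns 0 when clean, 1 when at least one file is world-readable.
# ROOT lets the check run against a mounted image or deployment root
# instead of the live system (default: /).
audit_shadow_perms() {
    root="${1:-/}"
    rc=0
    for name in shadow shadow- gshadow gshadow-; do
        f="${root%/}/etc/$name"
        if world_readable "$f"; then
            printf 'WORLD-READABLE %s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree: one file with the flawed mode, one without.
demo_constructed_root() {
    tmp="$(mktemp -d)" || return 2
    mkdir -p "$tmp/etc"
    : > "$tmp/etc/shadow";  chmod 0644 "$tmp/etc/shadow"   # world-readable
    : > "$tmp/etc/gshadow"; chmod 0640 "$tmp/etc/gshadow"  # not world-readable
    audit_shadow_perms "$tmp"; status=$?
    rm -rf "$tmp"
    return "$status"
}

demo_constructed_root || echo "findings present in constructed sample"
```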
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2024-2905 | no information | 6.2 | no information |
Updated packages