View Issue Details

ID: 0012179
Project: Rocky-Linux-9
Category: util-linux
View Status: public
Last Update: 2026-03-03 16:23
Reporter: Joe Klawitter
Assigned To:
Priority: normal
Severity: major
Reproducibility: N/A
Status: new
Resolution: open
Summary: 0012179: Security update for CVE-2025-14104 missing for Rocky 9.7 util-linux package
Description: The security updates for CVE-2025-14104 were provided as follows:

- el8: [util-linux-0:2.32.1-48.el8_10] via RHSA-2026:1852 (2026-02-04) <-- This was made available on 2026-02-05
- el9: [util-linux-0:2.37.4-21.el9_7] via RHSA-2026:1913 (2026-02-04) <-- Still missing (not the same as util-linux-0:2.37.4-21.el9)

The advisory at https://errata.rockylinux.org/RLSA-2026:1913 does not appear to denote the correct version for this security update. It references util-linux-0:2.37.4-21.el9, which was released 2025-05-03 and does not contain the security fix in question (refer to Additional Information for the first 10 lines of the changelogs).

Can this security update be made available for the Rocky el9.7 release?

Steps To Reproduce: Package (util-linux-0:2.37.4-21.el9_7) is missing from the Rocky Linux 9.7 repository, and the RLSA for CVE-2025-14104 appears to reference an incorrect version (util-linux-0:2.37.4-21.el9).

Additional Information:

rpm -q --changelog util-linux-2.37.4-21.el9.x86_64.rpm | head -10
* Thu Jan 16 2025 Karel Zak <kzak@redhat.com> 2.37.4-21
- fix RHEL-56354 - lib/timeutils: parse_timestamp: fix second parsing
- fix RHEL-56983 - sulogin: fix POSIX locale use

* Thu Aug 22 2024 Karel Zak <kzak@redhat.com> 2.37.4-20
- fix RHEL-25559 - more: make sure we have data on stderr

* Tue Aug 20 2024 Karel Zak <kzak@redhat.com> 2.37.4-19
- fix RHEL-34165 - lsipc: fix semaphore USED counter
- fix RHEL-25265 - libblkid: Check offset in LUKS2 header


rpm -q --changelog util-linux-2.32.1-48.el8_10.x86_64.rpm | head -10
warning: util-linux-2.32.1-48.el8_10.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 6d745a60: NOKEY
* Mon Dec 15 2025 Karel Zak <kzak@redhat.com> 2.32.1-48
- fix RHEL-134296 - libblkid: use snprintf() instead of sprintf()
- fix RHEL-133946 - login-utils: fix setpwnam() buffer use [CVE-2025-14104]

* Mon Nov 10 2025 Karel Zak <kzak@redhat.com> 2.32.1-47
- fix RHEL-117686 - lslogins: use sd_journal_get_data() in proper way

* Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.32.1-46
- fix RHEL-13741 - lscpu: avoid EBUSY on cpuinfo_max_freq
- fix RHEL-18451 - logger: initialize socket credentials control union
Tags: No tags attached.
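
The check the report performs by hand, as an added example that is not part of the original issue and not Rocky Linux or Red Hat tooling: compare a package's version-release against the fixed build named in the description, and look for the CVE in its changelog. The function names are hypothetical, and the comparator is a simplified RPM-style segment comparison that assumes no epoch, '~' or '^' in the strings.

```python
import re

# Fixed version-release per branch, as listed in the issue description.
FIXED = {"el8": "2.32.1-48.el8_10", "el9": "2.37.4-21.el9_7"}

# Changelog excerpts copied from the issue's "Additional Information".
EL9_LOG = """* Thu Jan 16 2025 Karel Zak <kzak@redhat.com> 2.37.4-21
- fix RHEL-56354 - lib/timeutils: parse_timestamp: fix second parsing
- fix RHEL-56983 - sulogin: fix POSIX locale use
"""
EL8_LOG = """* Mon Dec 15 2025 Karel Zak <kzak@redhat.com> 2.32.1-48
- fix RHEL-134296 - libblkid: use snprintf() instead of sprintf()
- fix RHEL-133946 - login-utils: fix setpwnam() buffer use [CVE-2025-14104]
"""

def rpmvercmp(a, b):
    """Simplified RPM-style segment comparison (assumption: no epoch, '~' or '^')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def compare_vr(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def changelog_entry_for(changelog, cve):
    """Return the version-release of the changelog entry naming the CVE, or None."""
    entry = None
    for line in changelog.splitlines():
        header = re.match(r"\* .* (\S+)$", line)
        if header:
            entry = header.group(1)
        elif cve in line:
            return entry
    return None

def check(dist, installed_vr, changelog, cve="CVE-2025-14104"):
    """(meets fixed version-release?, changelog entry that names the CVE)."""
    return compare_vr(installed_vr, FIXED[dist]) >= 0, changelog_entry_for(changelog, cve)

if __name__ == "__main__":
    print("el9:", check("el9", "2.37.4-21.el9", EL9_LOG))
    print("el8:", check("el8", "2.32.1-48.el8_10", EL8_LOG))
```

The two builds differ only in the release suffix (el9 versus el9_7), so a scan that matches on the version field alone would treat them as the same package.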

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2026-03-03 16:23 Joe Klawitter New Issue