CoreOS Security Update (MINDBREEZE36424)
ID: MINDBREEZE36424
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 9.4 Critical
Status: Final
First published: August 26, 2025
CVEs: CVE-2025-23395, CVE-2025-46802, CVE-2025-46803, CVE-2025-46804, CVE-2025-46805, CVE-2025-5278, CVE-2025-4598, CVE-2025-6032, CVE-2025-6020, CVE-2024-57970, CVE-2025-1632, CVE-2025-25724, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517
Summary
- screen: When running setuid-root privileged, the logfile_reopen() function does not drop privileges while operating on a user-supplied path
- screen: For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session
- screen: The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system
- screen: File Existence Tests via Socket Lookup Error Messages
- screen: Race Conditions when Sending Signals
- coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification
- systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump
- podman: podman missing TLS verification
- linux-pam: Linux-pam directory Traversal
- libarchive: heap buffer over-read in header_gnu_longlink
- libarchive: null pointer dereference in bsdunzip.c
- libarchive: Buffer Overflow vulnerability in libarchive
- cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
- cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
- cpython: python: Extraction filter bypass for linking outside extraction directory
- python: cpython: Arbitrary writes via tarfile realpath overflow
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 25.5 Release
- Mindbreeze InSpire SaaS 25.5 Release