See https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m. > When systemd-machined >= v259 is running on a desktop system, an unprivileged user logged in a desktop graphical session can escalate to root via an IPC call. This is fixed in v259.2. I'm filing this for the purposes of a freeze exception. Reproducible: Always
systemd-machined is in systemd-container.rpm. It is in the @virtualization-headless comps group.
Proposed as a Freeze Exception for 44-beta by Fedora user zbyszek using the blocker tracking app because: Fixes a security vulnerability.
FEDORA-2026-c1c45c4b2d (systemd-259.3-1.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-c1c45c4b2d
FEDORA-2026-c1c45c4b2d has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-c1c45c4b2d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-c1c45c4b2d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-c1c45c4b2d (systemd-259.3-1.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.