Security update for systemd

Announcement ID:	SUSE-SU-2025:20041-1
Release Date:	2025-02-03T08:54:03Z
Rating:	critical
References:	bsc#1200723 bsc#1204968 bsc#1213873 bsc#1218110 bsc#1221906 bsc#1226414 bsc#1226415 bsc#1228091 bsc#1228223 bsc#1228809 bsc#1229518 jsc#PED-5659
Cross-References:	CVE-2022-3821
CVSS scores:	CVE-2022-3821 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3821 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3821 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Micro 6.0 SUSE Linux Micro Extras 6.0

An update that solves one vulnerability, contains one feature and has 10 fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• Import commit 0512d0d1fc0b54a84964281708036a46ab39c153 0512d0d1fc cgroup: Rename effective limits internal table (jsc#PED-5659) 765846b70b cgroup: Restrict effective limits with global resource provision (jsc#PED-5659) e29909088b test: Add effective cgroup limits testing (jsc#PED-5659) beacac6df0 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659) e3b789e512 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659) 5aa063ae16 bus-print-properties: prettify more unset properties a53122c9bd bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current, Peak} 8418791441 cgroup: rename TasksMax structure to CGroupTasksMax

• Don't try to restart the udev socket units anymore (bsc#1228809)

There's currently no way to restart a socket activable service and its socket units "atomically" and safely.

• Make the 32bit version of libudev.so available again (bsc#1228223)

The symlink for building 32bit applications was mistakenly dropped when the content of libudev-devel was merged into systemd-devel.

Provide the 32bit flavor of systemd-devel again, which should restore the plug and play support in Wine for 32bit windows applications.

• Import commit up to 5aa182660dff86fe9d5cba61b0c6542bb2f2db23 (merge of v254.17)

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-73=1
• SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-73=1

Package List:

• SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  • systemd-experimental-254.18-1.1
  • systemd-debuginfo-254.18-1.1
  • systemd-coredump-254.18-1.1
  • libudev1-254.18-1.1
  • libudev1-debuginfo-254.18-1.1
  • systemd-journal-remote-debuginfo-254.18-1.1
  • systemd-coredump-debuginfo-254.18-1.1
  • systemd-container-254.18-1.1
  • libsystemd0-254.18-1.1
  • systemd-journal-remote-254.18-1.1
  • udev-254.18-1.1
  • udev-debuginfo-254.18-1.1
  • systemd-debugsource-254.18-1.1
  • systemd-experimental-debuginfo-254.18-1.1
  • libsystemd0-debuginfo-254.18-1.1
  • systemd-254.18-1.1
  • systemd-container-debuginfo-254.18-1.1
  • systemd-portable-debuginfo-254.18-1.1
  • systemd-portable-254.18-1.1
• SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  • systemd-devel-254.18-1.1
  • systemd-debugsource-254.18-1.1

References:

• https://www.suse.com/security/cve/CVE-2022-3821.html
• https://bugzilla.suse.com/show_bug.cgi?id=1200723
• https://bugzilla.suse.com/show_bug.cgi?id=1204968
• https://bugzilla.suse.com/show_bug.cgi?id=1213873
• https://bugzilla.suse.com/show_bug.cgi?id=1218110
• https://bugzilla.suse.com/show_bug.cgi?id=1221906
• https://bugzilla.suse.com/show_bug.cgi?id=1226414
• https://bugzilla.suse.com/show_bug.cgi?id=1226415
• https://bugzilla.suse.com/show_bug.cgi?id=1228091
• https://bugzilla.suse.com/show_bug.cgi?id=1228223
• https://bugzilla.suse.com/show_bug.cgi?id=1228809
• https://bugzilla.suse.com/show_bug.cgi?id=1229518
• https://jira.suse.com/browse/PED-5659