Security update for systemd

Announcement ID:	SUSE-SU-2025:20405-1
Release Date:	2025-06-12T07:16:22Z
Rating:	moderate
References:	bsc#1236177 bsc#1237496 bsc#1241190 bsc#1242938
Cross-References:	CVE-2025-4598
CVSS scores:	CVE-2025-4598 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2025-4598 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Micro 6.0 SUSE Linux Micro Extras 6.0

An update that solves one vulnerability and has three fixes can now be installed.

Description:

This update for systemd fixes the following issues:

• coredump: use %d in kernel core pattern (CVE-2025-4598)
• Revert "macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel" (SUSE specific)
• umount: do not move busy network mounts (bsc#1236177)
• man/pstore.conf: pstore.conf template is not always installed in /etc
• man: coredump.conf template is not always installed in /etc (bsc#1237496)
• Don't write messages sent from users with UID falling into the container UID range to the system journal. Daemons in the container don't talk to the outside journald as they talk to the inner one directly, which does its journal splitting based on shifted uids. (bsc#1242938)
• This re-adds back the support for the persistent net name rules as well as their generator since predictable naming scheme is still disabled by default on Micro (via the net.ifnames=0 boot option). (bsc#1241190)

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-352=1
• SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-352=1

Package List:

• SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  • systemd-254.25-1.1
  • libsystemd0-254.25-1.1
  • systemd-debugsource-254.25-1.1
  • systemd-portable-debuginfo-254.25-1.1
  • udev-254.25-1.1
  • libudev1-254.25-1.1
  • systemd-container-254.25-1.1
  • libudev1-debuginfo-254.25-1.1
  • systemd-journal-remote-debuginfo-254.25-1.1
  • systemd-debuginfo-254.25-1.1
  • systemd-journal-remote-254.25-1.1
  • systemd-portable-254.25-1.1
  • udev-debuginfo-254.25-1.1
  • systemd-coredump-254.25-1.1
  • systemd-coredump-debuginfo-254.25-1.1
  • systemd-experimental-debuginfo-254.25-1.1
  • systemd-experimental-254.25-1.1
  • systemd-container-debuginfo-254.25-1.1
  • libsystemd0-debuginfo-254.25-1.1
• SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  • systemd-debugsource-254.25-1.1
  • systemd-devel-254.25-1.1

References:

• https://www.suse.com/security/cve/CVE-2025-4598.html
• https://bugzilla.suse.com/show_bug.cgi?id=1236177
• https://bugzilla.suse.com/show_bug.cgi?id=1237496
• https://bugzilla.suse.com/show_bug.cgi?id=1241190
• https://bugzilla.suse.com/show_bug.cgi?id=1242938